Bug 977615 - (CVE-2016-2106) VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2016-2106:5.1:(AV:N/A...
Depends on:
Blocks: 977584
Reported: 2016-04-28 11:17 UTC by Andreas Stieger
Modified: 2022-02-16 21:23 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
CVE-2016-2106.c (699 bytes, text/plain)
2016-05-02 11:37 UTC, Marcus Meissner

Comment 1 Andreas Stieger 2016-04-28 12:11:01 UTC
CRD: 2016-05-03 15:00 UTC
Comment 2 Swamp Workflow Management 2016-04-28 22:00:35 UTC
bugbot adjusting priority
Comment 11 Marcus Meissner 2016-05-02 11:37:51 UTC
Created attachment 675199 [details]
CVE-2016-2106.c

QA REPRODUCER:

gcc -O2 -o CVE-2016-2106 CVE-2016-2106.c -lcrypto -g 
./CVE-2016-2106

before:
outbufcnt 8
Speicherzugriffsfehler

after:
outbufcnt 8
outbufcnt 0x80000000
Comment 14 Swamp Workflow Management 2016-05-03 08:02:54 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-05-10.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62679
Comment 15 Marcus Meissner 2016-05-03 08:11:24 UTC
committed to public git

commit 56ea22458f3f5f1d0148b0a97957de4d56f3d328
Author: Matt Caswell <matt@openssl.org>
Date:   Thu Mar 3 23:36:23 2016 +0000

    Fix encrypt overflow
    
    An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
    able to supply very large amounts of input data after a previous call to
    EVP_EncryptUpdate with a partial block then a length check can overflow
    resulting in a heap corruption.
    
    Following an analysis of all OpenSSL internal usage of the
    EVP_EncryptUpdate function all usage is one of two forms.
    
    The first form is like this:
    EVP_EncryptInit()
    EVP_EncryptUpdate()
    
    i.e. where the EVP_EncryptUpdate() call is known to be the first called
    function after an EVP_EncryptInit(), and therefore that specific call
    must be safe.
    
    The second form is where the length passed to EVP_EncryptUpdate() can be
    seen from the code to be some small value and therefore there is no
    possibility of an overflow.
    
    Since all instances are one of these two forms, I believe that there can
    be no overflows in internal code due to this problem.
    
    It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
    in certain code paths. Also EVP_CipherUpdate() is a synonym for
    EVP_EncryptUpdate(). Therefore I have checked all instances of these
    calls too, and came to the same conclusion, i.e. there are no instances
    in internal usage where an overflow could occur.
    
    This could still represent a security issue for end user code that calls
    this function directly.
    
    CVE-2016-2106
    
    Issue reported by Guido Vranken.
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (cherry picked from commit 3f3582139fbb259a1c3cbb0a25236500a409bf26)
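The length-check overflow described in the commit message above, as an added example (not OpenSSL's source and not the attached reproducer): a simplified model of a partial-block check, its overflow-safe rearrangement, and a caller-side bound for code that passes untrusted lengths to EVP_EncryptUpdate(). All function names and the values 16 and 8 are constructed for illustration, and the exact form of the check is an assumption.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Two's-complement wrap of a 32-bit signed add, computed without
 * undefined behaviour so the wrapped value can be inspected. */
static int32_t wrap_add32(int32_t a, int32_t b)
{
    uint32_t s = (uint32_t)a + (uint32_t)b;
    if (s <= (uint32_t)INT32_MAX)
        return (int32_t)s;
    return (int32_t)(s - 0x80000000u) + INT32_MIN;
}

/* Overflow-prone form (assumed shape): "do the buffered bytes plus the
 * new input still fit in one block?"  buffered = bytes kept from a
 * previous partial block.  Returning 1 means the input is treated as
 * small enough to append to the block-sized buffer. */
static int fits_in_block_naive(int32_t buffered, int32_t inl, int32_t bl)
{
    if (buffered == 0)
        return 0;                 /* no partial block: check not reached */
    return wrap_add32(buffered, inl) < bl;
}

/* Rearranged form: bl - buffered cannot overflow for 0 <= buffered < bl. */
static int fits_in_block_safe(int32_t buffered, int32_t inl, int32_t bl)
{
    if (buffered == 0)
        return 0;
    return bl - buffered > inl;
}

/* Caller-side guard: reject lengths that are negative or that leave no
 * headroom for one extra block below INT_MAX. */
static int caller_len_ok(int64_t inl, int32_t bl)
{
    return inl >= 0 && inl <= (int64_t)INT32_MAX - bl;
}

int main(void)
{
    const int32_t bl = 16, buffered = 8;     /* constructed values */
    const int32_t huge = INT32_MAX;

    printf("wrapped sum      : %d\n", (int)wrap_add32(buffered, huge));
    printf("naive, huge inl  : %d\n", fits_in_block_naive(buffered, huge, bl));
    printf("safe,  huge inl  : %d\n", fits_in_block_safe(buffered, huge, bl));
    printf("naive, no partial: %d\n", fits_in_block_naive(0, huge, bl));
    printf("guard, huge inl  : %d\n", caller_len_ok(huge, bl));
    printf("guard, 4096      : %d\n", caller_len_ok(4096, bl));
    return 0;
}
```

With no partial block buffered, the model never reaches the check, which matches the commit's first form (EVP_EncryptInit() followed directly by EVP_EncryptUpdate()).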
Comment 16 Bernhard Wiedemann 2016-05-03 15:00:29 UTC
This is an autogenerated message for OBS integration:
This bug (977615) was mentioned in
https://build.opensuse.org/request/show/393430 13.2+42.1 / openssl
Comment 17 Bernhard Wiedemann 2016-05-03 16:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (977615) was mentioned in
https://build.opensuse.org/request/show/393456 Factory / openssl
Comment 18 Bernhard Wiedemann 2016-05-03 18:00:30 UTC
This is an autogenerated message for OBS integration:
This bug (977615) was mentioned in
https://build.opensuse.org/request/show/393469 13.2+42.1 / libopenssl0_9_8
Comment 21 Swamp Workflow Management 2016-05-03 20:09:13 UTC
SUSE-SU-2016:1206-1: An update that solves 5 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 889013,971354,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssl1-1.0.1g-0.47.1
Comment 22 Swamp Workflow Management 2016-05-04 14:15:09 UTC
SUSE-SU-2016:1228-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    openssl-1.0.1i-27.16.1
SUSE Linux Enterprise Server 12 (src):    openssl-1.0.1i-27.16.1
SUSE Linux Enterprise Desktop 12 (src):    openssl-1.0.1i-27.16.1
Comment 23 Swamp Workflow Management 2016-05-04 16:08:47 UTC
SUSE-SU-2016:1231-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 976942,976943,977615,977617
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Server for SAP 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP 11-SP3 (src):    compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.44.1
Comment 24 Swamp Workflow Management 2016-05-04 16:10:36 UTC
SUSE-SU-2016:1233-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    openssl-1.0.1i-47.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssl-1.0.1i-47.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssl-1.0.1i-47.1
Comment 25 Swamp Workflow Management 2016-05-05 11:08:09 UTC
openSUSE-SU-2016:1237-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 976942,976943,977614,977615,977616,977617
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE Evergreen 11.4 (src):    openssl-1.0.1p-74.1
Comment 26 Swamp Workflow Management 2016-05-05 11:09:14 UTC
openSUSE-SU-2016:1238-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.36.1
Comment 27 Swamp Workflow Management 2016-05-05 11:11:05 UTC
openSUSE-SU-2016:1239-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 963415,968046,968048,968050,968374,976942,976943,977614,977615,977617
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE Evergreen 11.4 (src):    libopenssl0_9_8-0.9.8zh-14.1
Comment 28 Swamp Workflow Management 2016-05-05 11:11:50 UTC
openSUSE-SU-2016:1240-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 976942,976943,977614,977615,977616,977617
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE 13.1 (src):    openssl-1.0.1k-11.87.1
Comment 29 Swamp Workflow Management 2016-05-05 11:13:28 UTC
openSUSE-SU-2016:1241-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 963415,968046,968048,968050,968374,976942,976943,977614,977615,977617
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE 13.1 (src):    libopenssl0_9_8-0.9.8zh-5.3.1
Comment 30 Swamp Workflow Management 2016-05-05 16:08:38 UTC
openSUSE-SU-2016:1242-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 968050,976942,976943,977614,977615,977617
CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE Leap 42.1 (src):    libopenssl0_9_8-0.9.8zh-17.1
openSUSE 13.2 (src):    libopenssl0_9_8-0.9.8zh-9.6.1
Comment 31 Swamp Workflow Management 2016-05-05 16:09:32 UTC
openSUSE-SU-2016:1243-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE Leap 42.1 (src):    openssl-1.0.1i-15.1
Comment 32 Swamp Workflow Management 2016-05-09 10:08:59 UTC
SUSE-SU-2016:1267-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 889013,968050,976942,976943,977614,977615,977617
CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    compat-openssl098-0.9.8j-97.1
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-97.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    compat-openssl098-0.9.8j-97.1
SUSE Linux Enterprise Desktop 12 (src):    compat-openssl098-0.9.8j-97.1
Comment 33 Swamp Workflow Management 2016-05-10 22:08:37 UTC
openSUSE-SU-2016:1273-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 889013,968050,976942,976943,977614,977615,977617
CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE Leap 42.1 (src):    compat-openssl098-0.9.8j-12.2
Comment 34 Bernhard Wiedemann 2016-05-11 10:00:38 UTC
This is an autogenerated message for OBS integration:
This bug (977615) was mentioned in
https://build.opensuse.org/request/show/394817 42.2 / openssl
Comment 35 Swamp Workflow Management 2016-05-12 18:08:58 UTC
SUSE-SU-2016:1290-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 889013,968050,976942,976943,977614,977615,977617
CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.97.1
SUSE OpenStack Cloud 5 (src):    openssl-0.9.8j-0.97.1
SUSE Manager Proxy 2.1 (src):    openssl-0.9.8j-0.97.1
SUSE Manager 2.1 (src):    openssl-0.9.8j-0.97.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    openssl-0.9.8j-0.97.1
SUSE Linux Enterprise Server 11-SP4 (src):    openssl-0.9.8j-0.97.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssl-0.9.8j-0.97.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    openssl-0.9.8j-0.97.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssl-0.9.8j-0.97.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssl-0.9.8j-0.97.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    openssl-0.9.8j-0.97.1
Comment 36 Marcus Meissner 2016-05-13 09:36:00 UTC
released updates
Comment 37 Swamp Workflow Management 2016-05-19 17:10:47 UTC
SUSE-SU-2016:1360-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 968050,973223,976942,976943,977614,977615,977617
CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    openssl-0.9.8a-18.96.1
Comment 40 Swamp Workflow Management 2022-02-16 21:23:40 UTC
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.