NVD Vulnerability Detail

CVE-2016-2105

Summary	Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Publication Date	May 5, 2016, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:08 p.m.
Last Update	Nov. 21, 2024, 11:47 a.m.

CVSS3.1 : HIGH
スコア	7.5
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:42.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:oracle:mysql::::::::	5.6.0	5.6.30
cpe:2.3:a:oracle:mysql::::::::	5.7.0	5.7.12

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:apple:mac_os_x:10.11.5:::::::*

Configuration6	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:1.0.1m:::::::*
cpe:2.3:a:openssl:openssl:1.0.2a:::::::*
cpe:2.3:a:openssl:openssl:1.0.1j:::::::*
cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
cpe:2.3:a:openssl:openssl:1.0.2e:::::::*
cpe:2.3:a:openssl:openssl:1.0.1r:::::::*
cpe:2.3:a:openssl:openssl:1.0.2b:::::::*
cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
cpe:2.3:a:openssl:openssl:1.0.2g:::::::*
cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
cpe:2.3:a:openssl:openssl:1.0.2c:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.1p:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.1k:::::::*
cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
cpe:2.3:a:openssl:openssl:1.0.1n:::::::*
cpe:2.3:a:openssl:openssl:1.0.1q:::::::*
cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
cpe:2.3:a:openssl:openssl:1.0.1l:::::::*
cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
cpe:2.3:a:openssl:openssl:1.0.1s:::::::*
cpe:2.3:a:openssl:openssl:1.0.1o:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:::::::*
cpe:2.3:a:openssl:openssl:1.0.2f:::::::*
cpe:2.3:a:openssl:openssl:1.0.1i:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.1:::::::*
cpe:2.3:a:openssl:openssl:1.0.2d:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration8	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration9	or higher	or less	more than	less than
cpe:2.3:a:nodejs:node.js:::::-:::*	4.0.0	4.1.2
cpe:2.3:a:nodejs:node.js:6.0.0::::-:::
cpe:2.3:a:nodejs:node.js::::::::	5.0.0			5.11.1
cpe:2.3:a:nodejs:node.js::::::::	0.12.0			0.12.14
cpe:2.3:a:nodejs:node.js::::::::	0.10.0			0.10.45
cpe:2.3:a:nodejs:node.js:::::lts:::*	4.2.0			4.4.4

Related information, measures and tools

No	URL	タグ
1	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Third Party Advisory
2	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Third Party Advisory
3	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Mailing List Third Party Advisory
4	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Mailing List Third Party Advisory
5	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	Mailing List Third Party Advisory
6	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	Mailing List Third Party Advisory
7	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	Mailing List Third Party Advisory
8	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	Mailing List Third Party Advisory
9	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	Mailing List Third Party Advisory
10	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	Mailing List Third Party Advisory
15	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	Mailing List Third Party Advisory
16	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	Mailing List Third Party Advisory
17	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	Mailing List Third Party Advisory
18	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	Mailing List Third Party Advisory
19	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	Mailing List Third Party Advisory
20	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	Mailing List Third Party Advisory
21	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	Mailing List Third Party Advisory
22	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	Mailing List Third Party Advisory
23	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Mailing List Third Party Advisory
24	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Mailing List Third Party Advisory
25	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	Mailing List Third Party Advisory
26	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	Mailing List Third Party Advisory
27	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Mailing List Third Party Advisory
28	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Mailing List Third Party Advisory
29	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Mailing List Third Party Advisory
30	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Mailing List Third Party Advisory
31	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	Mailing List Third Party Advisory
32	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	Mailing List Third Party Advisory
33	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Mailing List Third Party Advisory
34	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Mailing List Third Party Advisory
35	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Mailing List Third Party Advisory
36	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Mailing List Third Party Advisory
37	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Mailing List Third Party Advisory
38	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Mailing List Third Party Advisory
39	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Mailing List Third Party Advisory
40	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Mailing List Third Party Advisory
41	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Third Party Advisory
42	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Third Party Advisory
43	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html	Third Party Advisory VDB Entry
44	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html	Third Party Advisory VDB Entry
45	http://rhn.redhat.com/errata/RHSA-2016-0722.html	Third Party Advisory
46	http://rhn.redhat.com/errata/RHSA-2016-0722.html	Third Party Advisory
47	http://rhn.redhat.com/errata/RHSA-2016-0996.html	Third Party Advisory
48	http://rhn.redhat.com/errata/RHSA-2016-0996.html	Third Party Advisory
49	http://rhn.redhat.com/errata/RHSA-2016-1648.html	Third Party Advisory
50	http://rhn.redhat.com/errata/RHSA-2016-1648.html	Third Party Advisory
51	http://rhn.redhat.com/errata/RHSA-2016-1649.html	Third Party Advisory
52	http://rhn.redhat.com/errata/RHSA-2016-1649.html	Third Party Advisory
53	http://rhn.redhat.com/errata/RHSA-2016-1650.html	Third Party Advisory
54	http://rhn.redhat.com/errata/RHSA-2016-1650.html	Third Party Advisory
55	http://rhn.redhat.com/errata/RHSA-2016-2056.html	Third Party Advisory
56	http://rhn.redhat.com/errata/RHSA-2016-2056.html	Third Party Advisory
57	http://rhn.redhat.com/errata/RHSA-2016-2073.html	Third Party Advisory
58	http://rhn.redhat.com/errata/RHSA-2016-2073.html	Third Party Advisory
59	http://rhn.redhat.com/errata/RHSA-2016-2957.html	Third Party Advisory
60	http://rhn.redhat.com/errata/RHSA-2016-2957.html	Third Party Advisory
61	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	Third Party Advisory
62	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	Third Party Advisory
63	http://www.debian.org/security/2016/dsa-3566	Third Party Advisory
64	http://www.debian.org/security/2016/dsa-3566	Third Party Advisory
65	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Vendor Advisory
66	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Vendor Advisory
67	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Patch Third Party Advisory
68	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Patch Third Party Advisory
69	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Vendor Advisory
70	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Vendor Advisory
71	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Vendor Advisory
72	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Vendor Advisory
73	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Patch Vendor Advisory
74	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Patch Vendor Advisory
75	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Vendor Advisory
76	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Vendor Advisory
77	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Vendor Advisory
78	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Vendor Advisory
79	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Vendor Advisory
80	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Vendor Advisory
81	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Vendor Advisory
82	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Vendor Advisory
83	http://www.securityfocus.com/bid/89757	Third Party Advisory VDB Entry
84	http://www.securityfocus.com/bid/89757	Third Party Advisory VDB Entry
85	http://www.securityfocus.com/bid/91787	Third Party Advisory VDB Entry
86	http://www.securityfocus.com/bid/91787	Third Party Advisory VDB Entry
87	http://www.securitytracker.com/id/1035721	Third Party Advisory VDB Entry
88	http://www.securitytracker.com/id/1035721	Third Party Advisory VDB Entry
89	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Third Party Advisory
90	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Third Party Advisory
91	http://www.ubuntu.com/usn/USN-2959-1	Third Party Advisory
92	http://www.ubuntu.com/usn/USN-2959-1	Third Party Advisory
93	https://bto.bluecoat.com/security-advisory/sa123	Third Party Advisory
94	https://bto.bluecoat.com/security-advisory/sa123	Third Party Advisory
95	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
96	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
97	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a
98	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a
99	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us	Third Party Advisory
100	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us	Third Party Advisory
101	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us	Third Party Advisory
102	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us	Third Party Advisory
103	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149	Vendor Advisory
104	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149	Vendor Advisory
105	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
106	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
107	https://kc.mcafee.com/corporate/index?page=content&id=SB10160	Third Party Advisory
108	https://kc.mcafee.com/corporate/index?page=content&id=SB10160	Third Party Advisory
109	https://security.gentoo.org/glsa/201612-16	Third Party Advisory
110	https://security.gentoo.org/glsa/201612-16	Third Party Advisory
111	https://security.netapp.com/advisory/ntap-20160504-0001/	Third Party Advisory
112	https://security.netapp.com/advisory/ntap-20160504-0001/	Third Party Advisory
113	https://source.android.com/security/bulletin/pixel/2017-11-01	Third Party Advisory
114	https://source.android.com/security/bulletin/pixel/2017-11-01	Third Party Advisory
115	https://support.apple.com/HT206903	Third Party Advisory
116	https://support.apple.com/HT206903	Third Party Advisory
117	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	Third Party Advisory
118	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	Third Party Advisory
119	https://www.openssl.org/news/secadv/20160503.txt	Vendor Advisory
120	https://www.openssl.org/news/secadv/20160503.txt	Vendor Advisory
121	https://www.tenable.com/security/tns-2016-18	Third Party Advisory
122	https://www.tenable.com/security/tns-2016-18	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html

JVN Vulnerability Information

OpenSSL の crypto/evp/encode.c の EVP_EncodeUpdate 関数における整数オーバーフローの脆弱性

Title	OpenSSL の crypto/evp/encode.c の EVP_EncodeUpdate 関数における整数オーバーフローの脆弱性
Summary	OpenSSL の crypto/evp/encode.c の EVP_EncodeUpdate 関数には、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、大量のバイナリデータを介して、サービス運用妨害 (ヒープメモリ破損) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 3, 2016, midnight
Registration Date	May 10, 2016, 6:16 p.m.
Last Update	Oct. 3, 2017, 1:37 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux Desktop (v. 6)

Red Hat Enterprise Linux Desktop (v. 7)

Red Hat Enterprise Linux HPC Node (v. 6)

Red Hat Enterprise Linux HPC Node (v. 7)

Red Hat Enterprise Linux HPC Node EUS (v. 7.2)

Red Hat Enterprise Linux Server (v. 6)

Red Hat Enterprise Linux Server (v. 7)

Red Hat Enterprise Linux Server AUS (v. 7.2)

Red Hat Enterprise Linux Server EUS (v. 7.2)

Red Hat Enterprise Linux Workstation (v. 6)

Red Hat Enterprise Linux Workstation (v. 7)

オラクル

MySQL 5.6.30 およびそれ以前

MySQL 5.7.12 およびそれ以前

Oracle Exalogic Infrastructure 1.x

Oracle Exalogic Infrastructure 2.x

Oracle Fusion Middleware の Oracle Access Manager 10.1.4.x

Oracle Fusion Middleware の Oracle Access Manager 11.1.1.7

Oracle Secure Global Desktop 4.63

Oracle Secure Global Desktop 4.71

Oracle Secure Global Desktop 5.2

Oracle VM VirtualBox 5.0.22 未満

PeopleSoft Enterprise PeopleTools 8.53

PeopleSoft Enterprise PeopleTools 8.54

PeopleSoft Enterprise PeopleTools 8.55

OpenSSL Project

OpenSSL 1.0.1t 未満の 1.0.1

OpenSSL 1.0.2h 未満の 1.0.2

アップル

Apple Mac OS X 10.11 およびそれ以降

日本電気

CapsSuite V3.0 から V4.0

EnterpriseDirectoryServer Ver6.1 から V8.0

EnterpriseIdentityManager Ver2.0 以降

ESMPRO/ServerAgent 4.4.22-1以降 (Linux)

ESMPRO/ServerAgentService 全バージョン (Linux)

Express5800 /SG シリーズ InterSecVM/SG v1.2、v3.0、v3.1、v4.0

Express5800 /SG シリーズ SG3600LM/LG/LJ v6.1、v6.2、v7.0、v7.1、v8.0、v8.2

Express5800 /SG シリーズ UNIVERGE SG3000LG/LJ

IP38X/1200

IP38X/1210

IP38X/3000

IP38X/3500

IP38X/5000

IP38X/810

IP38X/FW120

IP38X/N500

IP38X/SR100

SecureWare/PKIアプリケーション開発キット Ver3.2

UNIVERGE Business ConneCT V7.1.1

WebOTX Application Server Enterprise V8.2 から V9.4

WebOTX Application Server Express V8.2 から V9.4

WebOTX Application Server Foundation V8.2 から V8.5

WebOTX Application Server Standard V8.2 から V9.4

WebOTX Enterprise Service Bus V8.2 から V9.3

WebSAM NetvisorPro 6.1、6.2、7.0

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Primary Server Base Version 6

Cosminexus Primary Server Version 6

Hitachi Web Server

Hitachi Web Server - Security Enhancement

uCosminexus Application Server Express

uCosminexus Application Server Standard-R

uCosminexus Application Server Enterprise

uCosminexus Application Server Smart Edition

uCosminexus Application Server Standard

uCosminexus Developer 01

uCosminexus Developer Professional

uCosminexus Developer Professional for Plug-in

uCosminexus Developer Light

uCosminexus Developer Standard

uCosminexus Primary Server Base

uCosminexus Service Architect

uCosminexus Service Platform

uCosminexus Service Platform - Messaging

openSUSE project

openSUSE

openSUSE Leap

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-2105	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
National Vulnerability Database (NVD)
2	CVE-2016-2105	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2105

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Mailing Lists
1	APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
Apple Security Updates
2	HT206903	https://support.apple.com/en-us/HT206903
Apple セキュリティアップデート
3	HT206903	https://support.apple.com/ja-jp/HT206903
HPE Security Bulletin
4	HPSBMU03691	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
McAfee Security Bulletin
5	SB10160	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
NEC製品セキュリティ情報
6	NV16-015	http://jpn.nec.com/security-info/secinfo/nv16-015.html
OpenSSL
7	Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]	https://www.openssl.org/news/openssl-1.0.1-notes.html
8	Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]	https://www.openssl.org/news/openssl-1.0.2-notes.html
OpenSSL Project
9	Avoid overflow in EVP_EncodeUpdate	https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a
OpenSSL Security Advisory
10	EVP_EncodeUpdate overflow (CVE-2016-2105)	https://www.openssl.org/news/secadv/20160503.txt
opensuse-security-announce
11	openSUSE-SU-2016:1566	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
Oracle Critical Patch Update
12	Oracle Critical Patch Update Advisory - July 2016	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
13	Oracle Critical Patch Update Advisory - October 2016	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
14	Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html
Oracle Technology Network
15	Oracle Linux Bulletin - April 2016	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
16	Oracle Linux Bulletin - July 2016	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
17	Oracle Solaris Third Party Bulletin - April 2016	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
18	Oracle VM Server for x86 Bulletin - July 2016	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Red Hat Security Advisory
19	RHSA-2016:0722	http://rhn.redhat.com/errata/RHSA-2016-0722.html
20	RHSA-2016:0996	http://rhn.redhat.com/errata/RHSA-2016-0996.html
Security Advisories
21	SA40202	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
SECURITY BLOG
22	July 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/july_2016_critical_patch_update
Security Bulletin
23	JSA10759	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Turbolinux Security Advisory
24	TLSA-2016-14	http://www.turbolinux.co.jp/security/2016/TLSA-2016-14j.html
ソフトウェア製品セキュリティ情報
25	HS16-023	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-023/index.html

その他

No	Name	URL
JVN
1	JVNVU#93163809	http://jvn.jp/vu/JVNVU93163809/
2	JVNVU#94844193	http://jvn.jp/vu/JVNVU94844193/index.html
関連文書
3	株式会社アラタナの告知ページ (OpenSSL脆弱性への弊社対応状況について)	http://www.aratana.jp/security/detail.php?id=16

Change Log

No	Changed Details	Date of change
0	[2016年05月10日] 掲載 [2016年06月01日] ベンダ情報：ターボリナックス (TLSA-2016-14) を追加 [2016年06月06日] ベンダ情報：パルスセキュア (SA40202) を追加 [2016年06月27日] ベンダ情報：マカフィー (SB10160) を追加 [2016年07月27日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices) を追加ベンダ情報：オラクル (July 2016 Critical Patch Update Released) を追加 [2016年08月04日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アップル (HT206903) を追加ベンダ情報：アップル (APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004) を追加参考情報：JVN (JVNVU#94844193) を追加 [2016年08月25日] ベンダ情報：日本電気 (NV16-015) を追加ベンダ情報：レッドハット (RHSA-2016:0722) を追加ベンダ情報：レッドハット (RHSA-2016:0996) を追加影響を受けるシステム：ベンダ情報の追加に伴い内容を更新参考情報：関連文書 (株式会社アラタナの告知ページ (OpenSSL脆弱性への弊社対応状況について)) を追加 [2016年09月14日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (HS16-023) を追加 [2016年11月16日] ベンダ情報：オラクル (Oracle Solaris Third Party Bulletin - April 2016) を追加ベンダ情報：オラクル (Oracle Linux Bulletin - April 2016) を追加ベンダ情報：オラクル (Oracle VM Server for x86 Bulletin - July 2016) を追加ベンダ情報：オラクル (Oracle Linux Bulletin - July 2016) を追加 [2016年12月05日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2016) を追加ベンダ情報：opensuse-security-announce (openSUSE-SU-2016:1566) を追加 [2017年02月20日] ベンダ情報：ジュニパーネットワークス (JSA10759) を追加 [2017年07月25日] 影響を受けるシステム：ベンダ情報 (NV16-015) の更新に伴い内容を更新 [2017年10月03日] 影響を受けるシステム：ベンダ情報 (NV16-015) の更新に伴い内容を更新ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBMU03691) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:::::::*

Configuration6	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:1.0.1m:::::::*
cpe:2.3:a:openssl:openssl:1.0.2a:::::::*
cpe:2.3:a:openssl:openssl:1.0.1j:::::::*
cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
cpe:2.3:a:openssl:openssl:1.0.2e:::::::*
cpe:2.3:a:openssl:openssl:1.0.1r:::::::*
cpe:2.3:a:openssl:openssl:1.0.2b:::::::*
cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
cpe:2.3:a:openssl:openssl:1.0.2g:::::::*
cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
cpe:2.3:a:openssl:openssl:1.0.2c:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.1p:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.1k:::::::*
cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
cpe:2.3:a:openssl:openssl:1.0.1n:::::::*
cpe:2.3:a:openssl:openssl:1.0.1q:::::::*
cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
cpe:2.3:a:openssl:openssl:1.0.1l:::::::*
cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
cpe:2.3:a:openssl:openssl:1.0.1s:::::::*
cpe:2.3:a:openssl:openssl:1.0.1o:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:::::::*
cpe:2.3:a:openssl:openssl:1.0.2f:::::::*
cpe:2.3:a:openssl:openssl:1.0.1i:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.1:::::::*
cpe:2.3:a:openssl:openssl:1.0.2d:::::::*