Posted: May 14th, 2017
Description:
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107):
A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI.
This issue was introduced as part of the fix for the Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to run in constant time by ensuring that the same bytes are always read and compared against either the MAC or the padding bytes. However, it no longer checked that the record contained enough data to hold both the MAC and the padding bytes.
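The following is an added illustration of the missing length check described above; it is not OpenSSL's code and is a simplified model rather than the actual patched function. It assumes a MAC-then-encrypt record with a 20-byte HMAC-SHA1 tag (MAC_LEN) and TLS-style padding (pad + 1 trailing bytes each equal to pad). The "vulnerable" variant trusts the padding-length byte and lets the size_t subtraction wrap on a too-short record; the hardened variant bounds the padding length by what the record can actually hold, using constant-time comparisons in the style OpenSSL uses so the outcome does not leak through timing. The names check_vulnerable, check_hardened, build_record and the ct_* helpers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed MAC length: 20 bytes (HMAC-SHA1). */
#define MAC_LEN 20

/* Constant-time comparison helpers in OpenSSL's style: each returns an
   all-ones mask for true and all-zeros for false, with no data-dependent
   branch. */
static size_t ct_msb(size_t a) { return 0 - (a >> (sizeof(a) * 8 - 1)); }
static size_t ct_lt(size_t a, size_t b) { return ct_msb(a ^ ((a ^ b) | ((a - b) ^ b))); }
static size_t ct_ge(size_t a, size_t b) { return ~ct_lt(a, b); }

/* Outcome of checking one decrypted MAC-then-encrypt record. */
struct pad_check {
    int ok;             /* 1 = record accepted, 0 = rejected */
    size_t payload_len; /* plaintext bytes in front of the MAC when ok */
};

/* Simplified model of the flawed check (not OpenSSL's code): it reads the
   padding-length byte and subtracts MAC_LEN + pad + 1 from the record
   length without confirming that much data exists. For a short record the
   size_t subtraction wraps to a huge value that later stages would use to
   locate the MAC and payload. */
struct pad_check check_vulnerable(const unsigned char *rec, size_t len)
{
    struct pad_check r = { 0, 0 };
    size_t pad;

    if (len == 0)
        return r;
    pad = rec[len - 1];
    r.payload_len = len - (MAC_LEN + pad + 1); /* may wrap: no length check */
    r.ok = 1;
    return r;
}

/* Hardened check: compute how many bytes can legitimately be padding once
   the MAC and the length byte are accounted for (maxpad), then require
   pad <= maxpad with a constant-time compare. */
struct pad_check check_hardened(const unsigned char *rec, size_t len)
{
    struct pad_check r = { 0, 0 };
    size_t pad, maxpad, good;

    /* Smallest possible record: the MAC plus the padding-length byte. */
    if (len < MAC_LEN + 1)
        return r;

    pad = rec[len - 1];
    maxpad = len - (MAC_LEN + 1);
    /* Clamp maxpad to 255 without a branch: if maxpad > 255 then
       255 - maxpad wraps, its top byte becomes 0xFF, and OR then AND
       leaves exactly 255; otherwise the shift yields 0 and maxpad stays. */
    maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
    maxpad &= 255;

    good = ct_ge(maxpad, pad);                          /* all ones if pad fits */
    r.ok = (int)(good & 1);
    r.payload_len = (len - (MAC_LEN + pad + 1)) & good; /* 0 when rejected */
    return r;
}

/* Build a constructed test record: payload bytes 'A', a dummy 20-byte MAC
   of 0xAA, then pad + 1 padding bytes each equal to pad. Returns the
   record length. */
size_t build_record(unsigned char *buf, size_t payload_len, unsigned char pad)
{
    size_t n = 0;
    memset(buf + n, 'A', payload_len);     n += payload_len;
    memset(buf + n, 0xAA, MAC_LEN);        n += MAC_LEN;
    memset(buf + n, pad, (size_t)pad + 1); n += (size_t)pad + 1;
    return n;
}

int main(void)
{
    unsigned char buf[512];
    size_t len = build_record(buf, 5, 3); /* well-formed constructed record */
    struct pad_check v = check_vulnerable(buf, len), h = check_hardened(buf, len);
    printf("well-formed: vulnerable ok=%d payload=%zu | hardened ok=%d payload=%zu\n",
           v.ok, v.payload_len, h.ok, h.payload_len);

    /* Constructed short record: 10 bytes whose last byte claims 7 padding
       bytes, so MAC (20) + pad (7) + 1 = 28 bytes would be needed. */
    memset(buf, 0x11, 10);
    buf[9] = 7;
    v = check_vulnerable(buf, 10);
    h = check_hardened(buf, 10);
    printf("short record: vulnerable ok=%d payload=%zu (wrapped) | hardened ok=%d\n",
           v.ok, v.payload_len, h.ok);
    return 0;
}
```

The point to take from running it: for a well-formed record both variants agree, but for a record shorter than MAC plus padding the vulnerable variant still reports success with a wrapped payload length, while the hardened variant rejects it. The clamp-and-compare on maxpad is what restores the "is there enough data?" check without reintroducing a data-dependent branch.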
Memory corruption in the ASN.1 encoder (CVE-2016-2108):
This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time.
Other less critical OpenSSL vulnerabilities have been discovered and are explained here:
https://www.openssl.org/news/secadv/20160503.txt
More information per operating system:
Please verify that a patched version of OpenSSL has been released for your operating system version before updating.
Red Hat and CentOS:
https://access.redhat.com/security/cve/cve-2016-2107
https://access.redhat.com/security/cve/cve-2016-2108
Debian:
https://security-tracker.debian.org/tracker/CVE-2016-2107
https://security-tracker.debian.org/tracker/CVE-2016-2108