CVE-2016-8610

Published: 24 October 2016

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Released (2.12.23-12ubuntu2.6)
gnutls28
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (3.5.6-4ubuntu2)

Ubuntu 16.04 ESM (Xenial Xerus) Released (3.4.10-4ubuntu1.2)

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)
Patches:
Upstream: https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
Upstream: https://gitlab.com/gnutls/gnutls/commit/42a8bb3bdad73f13425ae18a41addbbc04496101 (bp)
Upstream: https://gitlab.com/gnutls/gnutls/commit/648bf9b00e1cbf45c6d05fab07e91fad97e6926d (3.3)
openssl
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Released (1.0.2g-1ubuntu11)

Ubuntu 16.04 ESM (Xenial Xerus) Released (1.0.2g-1ubuntu4.6)

Ubuntu 14.04 ESM (Trusty Tahr) Released (1.0.1f-1ubuntu2.22)
Patches:
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401 (master)
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=22646a075e75991b4e8f5d67171e45a6aead5b48 (1.0.2)
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=f1185392189641014dca94f3fe7834bccb5f4c16 (related)
openssl098
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)