openssl: CVE-2016-7056 CVE-2016-8610 CVE-2017-3731
bacongobbler commented
https://lists.debian.org/debian-security-announce/2017/msg00024.html
Several vulnerabilities were discovered in OpenSSL:

CVE-2016-7056
    A local timing attack was discovered against ECDSA P-256.

CVE-2016-8610
    It was discovered that no limit was imposed on alert packets during
    an SSL handshake.

CVE-2017-3731
    Robert Swiecki discovered that the RC4-MD5 cipher when running on
    32 bit systems could be forced into an out-of-bounds read, resulting
    in denial of service.
bacongobbler commented
This doesn't seem to be an issue on Ubuntu; only Debian Jessie. quay.io also confirms that v0.3.6 is not affected by these CVEs. Closing.