Multiple vulnerabilities have been found in the OpenSSL library. They stem from a padding oracle in the AES-NI CBC MAC check (CVE-2016-2107) and from memory corruption in the ASN.1 encoder when applications parse and re-encode X.509 certificates or verify RSA signatures on X.509 certificates (CVE-2016-2108), together with several lower-severity issues (CVE-2016-2105, CVE-2016-2106, CVE-2016-2109 and CVE-2016-2176). A man-in-the-middle attacker could use the padding oracle to decrypt traffic when the connection negotiates an AES CBC cipher suite and the server supports AES-NI, or could present a specially crafted X.509 certificate to trigger the memory corruption.
Successful exploitation could lead to denial of service, remote code execution or information disclosure.
These vulnerabilities are fixed in OpenSSL 1.0.1t and 1.0.2h. Note that OpenSSL 0.9.8 and 1.0.0 are no longer supported and did not receive these fixes; systems still running them should move to a supported branch. Operators of systems that use OpenSSL to protect network traffic, such as HTTPS websites or SSL-VPN gateways, should check with their product vendors whether a vulnerable OpenSSL version is in use and, if so, upgrade to the fixed versions or apply the mitigations recommended by the vendors.
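The version check described above can be scripted where a shell is available. The following is an added example, not part of the original alert or of the OpenSSL project: a POSIX shell function that classifies the output of `openssl version` against the fixed releases 1.0.1t and 1.0.2h. The sample version strings in it are constructed.

```shell
#!/bin/sh
# Added example (not part of the original alert): classify an "openssl version"
# string against the fixed releases named in the OpenSSL advisory of 3 May 2016
# (1.0.1t and 1.0.2h). Version strings in comments and tests are constructed.

# Map the patch letter of an OpenSSL 1.0.x release to an integer so letters
# can be compared numerically: "" (base release) -> 0, "a" -> 97, "b" -> 98, ...
letter_ord() {
    if [ -z "$1" ]; then
        echo 0
    else
        printf '%d\n' "'$1"
    fi
}

# Usage: openssl_affected "OpenSSL 1.0.2g  1 Mar 2016"
# Prints one of: vulnerable, fixed, unsupported, unknown.
openssl_affected() {
    line=$1
    # Word splitting is intended here: $1 becomes "OpenSSL", $2 the version.
    set -- $line
    [ "$1" = "OpenSSL" ] || { echo unknown; return 0; }

    v=$2                          # e.g. "1.0.2g", "1.0.2h-fips" or "1.0.2"
    branch=${v%%[a-z]*}           # "1.0.2"
    rest=${v#"$branch"}           # "g", "h-fips" or "" for a base release
    letter=${rest%%[!a-z]*}       # "g", "h" or ""

    case $branch in
        1.0.1) fixed=t ;;
        1.0.2) fixed=h ;;
        0.9.8|1.0.0)
            # Out of support since 31 Dec 2015; these branches never got the fixes.
            echo unsupported; return 0 ;;
        *)
            # Branch not covered by this advisory (or not upstream OpenSSL at all).
            echo unknown; return 0 ;;
    esac

    if [ "$(letter_ord "$letter")" -lt "$(letter_ord "$fixed")" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Check the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    echo "$(openssl version): $(openssl_affected "$(openssl version)")"
fi
```

Treat a "vulnerable" verdict from the version string alone as a lead, not a conclusion: Linux distributions routinely backport security fixes without changing the upstream version string, so confirm against the package changelog (for example `rpm -q --changelog openssl | grep CVE-2016-2107` on RHEL-derived systems) or the vendor's errata. Conversely, on appliances and SSL-VPN gateways the OpenSSL build is usually not reachable from a shell at all, which is why the alert directs users to their product vendors.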
https://www.openssl.org/news/secadv/20160503.txt
https://www.openssl.org/news/openssl-1.0.1-notes.html
https://www.openssl.org/news/openssl-1.0.2-notes.html
https://www.us-cert.gov/ncas/current-activity/2016/05/03/OpenSSL-Releases-Security-Advisory
https://www.hkcert.org/my_url/en/alert/16050401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176