MGASA-2017-0042

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2016-7055 CVE-2017-3731 CVE-2017-3732

Published: 05 Feb 2017, 20:42

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Feb 2017, 20:42

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated openssl packages fix security vulnerability There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. mong EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation (CVE-2016-7055). If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. The crash can be triggered when using RC4-MD5, if it has not been disabled (CVE-2017-3731). There is a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker would need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients (CVE-2017-3732).

Affected Systems

mageia•openssl
< 1.0.2k-1.mga5

MGASA-2017-0042

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)