CVE-2016-2177 IBM AIX OpenSSL Multiple Vulnerabilities (openssl_advisory21)

AIX is prone to the following vulnerabilities:

OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks.(CVE-2016-2177)
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. (CVE-2016-2178)
OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. (CVE-2016-2179)
OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function.(CVE-2016-2180)
OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation.(CVE-2016-2181)
OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. (CVE-2016-2182)
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the in the Triple-DES on 64-bit block cipher, used as a part of the SSL/TLS protocol. (CVE-2016-2183)
OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function. (CVE-2016-6302)
OpenSSL is vulnerable to a denial of service, caused by an integer overflow in the MDC2_Update function.(CVE-2016-6303)
OpenSSL is vulnerable to a denial of service. By repeatedly requesting renegotiation, a remote authenticated attacker could send an overly large OCSP Status Request extension to consume all available memory resources. (CVE-2016-6304)
OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. (CVE-2016-6306)
OpenSSL is vulnerable to a denial of service, caused by a missing CRL sanity check. By attempting to use CRLs, a remote attacker could exploit this vulnerability to cause the application to crash. (CVE-2016-7052)

Affected Platforms:
AIX 5.3, AIX 6.1, AIX 7.1, AIX 7.2

Note:The detection requires root privileges to run "emgr -c" to check for patches. In absence of such privileges, the detection may not output actual results.

An attacker could exploit this vulnerability to consume all available resources and exhaust memory.

The vendor has released fixes to resolve this vulnerability. Refer to AIX openssl_advisory21 to obtain more information

Patch:
Following are links for downloading patches to fix the vulnerabilities:

AIX openssl_advisory21: AIX 5.3, 6.1, 7.1 and 7.2 (OpenSSL)