The latest batch of OpenSSL security patches was released today, with a pair of high-severity flaws and four low-severity issues addressed in OpenSSL 1.0.1t and OpenSSL 1.0.2h.
One of the high-severity flaws, CVE-2016-2107, opens the door to a padding oracle attack that can allow for the decryption of traffic if the connection uses an AES CBC cipher and the server supports AES-NI.
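A first step for defenders is knowing whether a given OpenSSL build already carries this batch of fixes. The following is an added example, not code from the article or the OpenSSL project: it parses OpenSSL version strings (including the letter suffix) and compares them against the patched releases the article names, 1.0.1t and 1.0.2h; the helper that reads the version from Python's own `ssl` module is an assumption about where a practitioner might get that string.

```python
import re
import ssl

# Patched releases per branch, as named in the advisory coverage above.
PATCHED = {"1.0.1": "1.0.1t", "1.0.2": "1.0.2h"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Turn 'OpenSSL 1.0.2g  1 Mar 2016' into a comparable tuple
    (major, minor, fix, letter_rank). Letter suffixes sort a < b < ... < z < za < zb."""
    m = _VERSION_RE.search(text.replace("OpenSSL", "").strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, fix, letters = m.groups()
    rank = 0
    for ch in letters:
        # Base-26 encoding keeps multi-letter suffixes above single letters.
        rank = rank * 26 + (ord(ch) - ord("a") + 1)
    return (int(major), int(minor), int(fix), rank)


def is_patched(version_text):
    """True if the build is at or above the patched release for its branch,
    False if it is older, None if the branch is not covered by this batch."""
    v = parse_version(version_text)
    branch = "%d.%d.%d" % v[:3]
    if branch not in PATCHED:
        return None
    return v >= parse_version(PATCHED[branch])


def check_python_ssl():
    """Assumed convenience helper: check the OpenSSL that this Python links against."""
    return is_patched(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    for sample in ("OpenSSL 1.0.2g  1 Mar 2016", "OpenSSL 1.0.2h  3 May 2016"):
        print(sample, "->", "patched" if is_patched(sample) else "vulnerable")
```

Distribution packages often backport fixes without changing the upstream version string, so treat a "vulnerable" result as a prompt to check the vendor changelog rather than as proof.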
“The AES issue is interesting. If you can [man-in-the-middle] then you can inject packets, look at the error codes, and then eventually figure out the AES key,” said Rich Salz, a member of the OpenSSL development team and an engineer at Akamai. “So it’s for national-scale attackers who can force DNS or BGP routes, or small hackers who can hack Wi-Fi in Starbucks.”