CVE output: rename IMPACT to SEVERITY; AFFECTED_RELEASE to FIXED_RELEASES; PACKAGE_STATE to FIX_STATES #33
Comments

ryran added the enhancement label Nov 8, 2016
ryran self-assigned this Nov 8, 2016
added a commit that referenced this issue Nov 8, 2016

ryran (Owner) commented Nov 8, 2016
Done!
$ rhsecapi CVE-2016-6302 -aw
Valid Red Hat CVE results retrieved: 1 of 1
CVE-2016-6302
SEVERITY: Moderate Impact
DATE: 2016-08-23
IAVA: 2016-A-0262
CWE: CWE-190->CWE-125
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS3: 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
BUGZILLA: 1369855
DETAILS:
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before
1.1.0 does not consider the HMAC size during validation of the
ticket length, which allows remote attackers to cause a denial of
service via a ticket that is too short. An integer underflow flaw
leading to a buffer over-read was found in the way OpenSSL parsed
TLS session tickets. A remote attacker could use this flaw to crash
a TLS server using OpenSSL if it used SHA-512 as HMAC for session
tickets.
UPSTREAM_FIX: openssl 1.0.1u, openssl 1.0.2i
REFERENCES:
https://www.openssl.org/news/secadv/20160922.txt
FIXED_RELEASES:
Red Hat Enterprise Linux 6 [openssl-1.0.1e-48.el6_8.3]: RHSA-2016:1940
Red Hat Enterprise Linux 7 [openssl-1:1.0.1e-51.el7_2.7]: RHSA-2016:1940
FIX_STATES:
Affected: Red Hat JBoss Core Services 1 [openssl]
Affected: Red Hat JBoss EAP 6 [openssl]
Will not fix: Red Hat JBoss EWS 1 [openssl]
Will not fix: Red Hat JBoss EWS 2 [openssl]
Affected: Red Hat JBoss Web Server 3.0 [openssl]
Not affected: Red Hat Enterprise Linux 5 [openssl097a]
Not affected: Red Hat Enterprise Linux 5 [openssl]
Not affected: Red Hat Enterprise Linux 6 [openssl098e]
Not affected: Red Hat Enterprise Linux 7 [OVMF]
Not affected: Red Hat Enterprise Linux 7 [openssl098e]
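As an added example, not code from rhsecapi or from this issue: a small Python parser for the renamed report sections shown above (SEVERITY, FIXED_RELEASES, FIX_STATES), run over a constructed copy of that report. The two-space indentation of sub-lines and the regular expressions are assumptions; any line starting with an all-caps field name and a colon opens a new section, so unindented text like the output pasted above parses the same way. The triage helper at the end pulls out the products still marked Affected, which is what the FIX_STATES rename makes easy to see at a glance.

```python
"""Parse an rhsecapi plain-text CVE report into a dict (added example)."""
import re

# Constructed sample input: the report from the comment above, abridged.
# Indentation of sub-lines is assumed; the parser does not depend on it.
SAMPLE_REPORT = """\
Valid Red Hat CVE results retrieved: 1 of 1
CVE-2016-6302
SEVERITY: Moderate Impact
DATE: 2016-08-23
CWE: CWE-190->CWE-125
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS3: 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
BUGZILLA: 1369855
DETAILS:
  The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before
  1.1.0 does not consider the HMAC size during validation of the
  ticket length, which allows remote attackers to cause a denial of
  service via a ticket that is too short.
UPSTREAM_FIX: openssl 1.0.1u, openssl 1.0.2i
REFERENCES:
  https://www.openssl.org/news/secadv/20160922.txt
FIXED_RELEASES:
  Red Hat Enterprise Linux 6 [openssl-1.0.1e-48.el6_8.3]: RHSA-2016:1940
  Red Hat Enterprise Linux 7 [openssl-1:1.0.1e-51.el7_2.7]: RHSA-2016:1940
FIX_STATES:
  Affected: Red Hat JBoss Core Services 1 [openssl]
  Affected: Red Hat JBoss EAP 6 [openssl]
  Will not fix: Red Hat JBoss EWS 1 [openssl]
  Will not fix: Red Hat JBoss EWS 2 [openssl]
  Affected: Red Hat JBoss Web Server 3.0 [openssl]
  Not affected: Red Hat Enterprise Linux 5 [openssl097a]
  Not affected: Red Hat Enterprise Linux 7 [openssl098e]
"""

# Assumed layout: a section starts with an ALL_CAPS name and a colon;
# anything else is a continuation line of the current section.
FIELD_RE = re.compile(r"^([A-Z][A-Z0-9_]*):\s*(.*)$")
# "Product [nevr]: RHSA-id" lines under FIXED_RELEASES.
FIXED_RE = re.compile(r"^(?P<product>.+?) \[(?P<package>[^\]]+)\]: (?P<advisory>\S+)$")
# "State: Product [package]" lines under FIX_STATES.
STATE_RE = re.compile(r"^(?P<state>[^:]+): (?P<product>.+?) \[(?P<package>[^\]]+)\]$")


def parse_report(text):
    """Return {"cve": "CVE-...", "fields": {NAME: [line, ...]}}."""
    report = {"cve": None, "fields": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if report["cve"] is None and line.startswith("CVE-"):
            report["cve"] = line  # the bare CVE id heads the report
            continue
        m = FIELD_RE.match(line)
        if m:
            current = m.group(1)
            report["fields"][current] = [m.group(2)] if m.group(2) else []
        elif current is not None:
            report["fields"][current].append(line)
        # lines before the first section (the "Valid ... results" banner) are dropped
    return report


def fixed_releases(report):
    """Structured FIXED_RELEASES entries: product, package NEVR, advisory id."""
    rows = []
    for line in report["fields"].get("FIXED_RELEASES", []):
        m = FIXED_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def fix_states(report):
    """Structured FIX_STATES entries: state, product, package."""
    rows = []
    for line in report["fields"].get("FIX_STATES", []):
        m = STATE_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def unfixed_affected(report):
    """Products still marked Affected, i.e. the ones with no errata to apply yet."""
    return [s["product"] for s in fix_states(report) if s["state"] == "Affected"]


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(r["cve"], "severity:", r["fields"]["SEVERITY"][0])
    for row in fixed_releases(r):
        print("fixed:", row["product"], row["package"], row["advisory"])
    print("still affected:", unfixed_affected(r))
```

The state labels are taken verbatim from the report, so a product marked "Will not fix" is deliberately excluded from the Affected list; a triage script that treats those as unfixed risk would match on both labels.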
ryran
closed this
Nov 8, 2016
ryran commented Nov 8, 2016
No description provided.