rpm package
opensuse/openssl-1_0_0&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Leap%2015.1
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-1971 | — | < 1.0.2p-lp151.5.20.1 | 1.0.2p-lp151.5.20.1 | Dec 8, 2020 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi | ||
| CVE-2019-1563 | — | < 1.0.2p-lp151.5.10.1 | 1.0.2p-lp151.5.10.1 | Sep 10, 2019 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th | ||
| CVE-2019-1547 | — | < 1.0.2p-lp151.5.10.1 | 1.0.2p-lp151.5.10.1 | Sep 10, 2019 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g | ||
| CVE-2019-1559 | — | < 1.0.2p-lp151.5.3.1 | 1.0.2p-lp151.5.3.1 | Feb 27, 2019 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 by |
- CVE-2020-1971Dec 8, 2020affected < 1.0.2p-lp151.5.20.1fixed 1.0.2p-lp151.5.20.1
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi
- CVE-2019-1563Sep 10, 2019affected < 1.0.2p-lp151.5.10.1fixed 1.0.2p-lp151.5.10.1
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th
- CVE-2019-1547Sep 10, 2019affected < 1.0.2p-lp151.5.10.1fixed 1.0.2p-lp151.5.10.1
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g
- CVE-2019-1559Feb 27, 2019affected < 1.0.2p-lp151.5.3.1fixed 1.0.2p-lp151.5.3.1
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 by