rpm package

suse/compat-openssl097g&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP3

pkg:rpm/suse/compat-openssl097g&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3

Vulnerabilities (11)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-6306	Med	5.9	< 0.9.7g-146.22.47.1	0.9.7g-146.22.47.1	Sep 26, 2016	The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2016-6303	Cri	9.8	< 0.9.7g-146.22.47.1	0.9.7g-146.22.47.1	Sep 16, 2016	Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2182	Cri	9.8	< 0.9.7g-146.22.47.1	0.9.7g-146.22.47.1	Sep 16, 2016	The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors
CVE-2016-2183	Hig	7.5	< 0.9.7g-146.22.47.1	0.9.7g-146.22.47.1	Sep 1, 2016	The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-dura
CVE-2016-2177	Cri	9.8	< 0.9.7g-146.22.47.1	0.9.7g-146.22.47.1	Jun 20, 2016	OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior,
CVE-2016-2109	Hig	7.5	< 0.9.7g-146.22.44.1	0.9.7g-146.22.44.1	May 5, 2016	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
CVE-2016-2108	Cri	9.8	< 0.9.7g-146.22.44.1	0.9.7g-146.22.44.1	May 5, 2016	The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
CVE-2016-2106	Hig	7.5	< 0.9.7g-146.22.44.1	0.9.7g-146.22.44.1	May 5, 2016	Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
CVE-2016-2105	Hig	7.5	< 0.9.7g-146.22.44.1	0.9.7g-146.22.44.1	May 5, 2016	Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2015-3195	Med	5.3	< 0.9.7g-146.22.36.1	0.9.7g-146.22.36.1	Dec 6, 2015	The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information fro
CVE-2015-0287		—	< 0.9.7g-146.22.33.1	0.9.7g-146.22.33.1	Mar 19, 2015	The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write opera

CVE-2016-6306MedSep 26, 2016
affected < 0.9.7g-146.22.47.1fixed 0.9.7g-146.22.47.1
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2016-6303CriSep 16, 2016
affected < 0.9.7g-146.22.47.1fixed 0.9.7g-146.22.47.1
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2182CriSep 16, 2016
affected < 0.9.7g-146.22.47.1fixed 0.9.7g-146.22.47.1
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors
CVE-2016-2183HigSep 1, 2016
affected < 0.9.7g-146.22.47.1fixed 0.9.7g-146.22.47.1
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-dura
CVE-2016-2177CriJun 20, 2016
affected < 0.9.7g-146.22.47.1fixed 0.9.7g-146.22.47.1
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior,
CVE-2016-2109HigMay 5, 2016
affected < 0.9.7g-146.22.44.1fixed 0.9.7g-146.22.44.1
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
CVE-2016-2108CriMay 5, 2016
affected < 0.9.7g-146.22.44.1fixed 0.9.7g-146.22.44.1
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
CVE-2016-2106HigMay 5, 2016
affected < 0.9.7g-146.22.44.1fixed 0.9.7g-146.22.44.1
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
CVE-2016-2105HigMay 5, 2016
affected < 0.9.7g-146.22.44.1fixed 0.9.7g-146.22.44.1
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2015-3195MedDec 6, 2015
affected < 0.9.7g-146.22.36.1fixed 0.9.7g-146.22.36.1
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information fro
CVE-2015-0287Mar 19, 2015
affected < 0.9.7g-146.22.33.1fixed 0.9.7g-146.22.33.1
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write opera