rpm package

suse/compat-openssl098&distro=SUSE Linux Enterprise Desktop 12 SP2

pkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-7056		—	< 0.9.8j-105.1	0.9.8j-105.1	Sep 10, 2018	A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2016-8610	Hig	7.5	< 0.9.8j-105.1	0.9.8j-105.1	Nov 13, 2017	A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amoun
CVE-2016-2108	Cri	9.8	< 0.9.8j-105.1	0.9.8j-105.1	May 5, 2016	The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

CVE-2016-7056Sep 10, 2018
affected < 0.9.8j-105.1fixed 0.9.8j-105.1
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2016-8610HigNov 13, 2017
affected < 0.9.8j-105.1fixed 0.9.8j-105.1
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amoun
CVE-2016-2108CriMay 5, 2016
affected < 0.9.8j-105.1fixed 0.9.8j-105.1
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.