rpm package
suse/openssl&distro=SUSE Linux Enterprise Point of Sale 11 SP3
pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2183 | Hig | 7.5 | < 0.9.8j-0.102.2 | 0.9.8j-0.102.2 | Sep 1, 2016 | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-dura | |
| CVE-2016-2178 | Med | 5.5 | < 0.9.8j-0.102.2 | 0.9.8j-0.102.2 | Jun 20, 2016 | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | |
| CVE-2016-2177 | Cri | 9.8 | < 0.9.8j-0.102.2 | 0.9.8j-0.102.2 | Jun 20, 2016 | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, | |
| CVE-2016-2108 | Cri | 9.8 | < 0.9.8j-0.105.1 | 0.9.8j-0.105.1 | May 5, 2016 | The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. |
- affected < 0.9.8j-0.102.2fixed 0.9.8j-0.102.2
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-dura
- affected < 0.9.8j-0.102.2fixed 0.9.8j-0.102.2
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
- affected < 0.9.8j-0.102.2fixed 0.9.8j-0.102.2
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior,
- affected < 0.9.8j-0.105.1fixed 0.9.8j-0.105.1
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
Page 2 of 2