rpm package

suse/openssl&distro=SUSE Linux Enterprise Server 11 SP3-LTSS

pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Vulnerabilities (26)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-0797	Hig	7.5	< 0.9.8j-0.89.1	0.9.8j-0.89.1	Mar 3, 2016	Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (
CVE-2016-0705	Cri	9.8	< 0.9.8j-0.89.1	0.9.8j-0.89.1	Mar 3, 2016	Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA privat
CVE-2016-0702	Med	5.1	< 0.9.8j-0.89.1	0.9.8j-0.89.1	Mar 3, 2016	The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a craft
CVE-2016-0703	Med	5.9	< 0.9.8j-0.89.1	0.9.8j-0.89.1	Mar 2, 2016	The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-mid
CVE-2016-0800	Med	5.9	< 0.9.8j-0.89.1	0.9.8j-0.89.1	Mar 1, 2016	The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciph
CVE-2015-3197	Med	5.9	< 0.9.8j-0.89.1	0.9.8j-0.89.1	Feb 15, 2016	ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_clien

CVE-2016-0797HigMar 3, 2016
affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (
CVE-2016-0705CriMar 3, 2016
affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA privat
CVE-2016-0702MedMar 3, 2016
affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a craft
CVE-2016-0703MedMar 2, 2016
affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-mid
CVE-2016-0800MedMar 1, 2016
affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciph
CVE-2015-3197MedFeb 15, 2016
affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_clien

Page 2 of 2