rpm package
suse/openssl&distro=SUSE Linux Enterprise Server 11 SP3-TERADATA
pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-0797 | Hig | 7.5 | < 0.9.8j-0.89.1 | 0.9.8j-0.89.1 | Mar 3, 2016 | Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the ( | |
| CVE-2016-0705 | Cri | 9.8 | < 0.9.8j-0.89.1 | 0.9.8j-0.89.1 | Mar 3, 2016 | Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA privat | |
| CVE-2016-0702 | Med | 5.1 | < 0.9.8j-0.89.1 | 0.9.8j-0.89.1 | Mar 3, 2016 | The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a craft | |
| CVE-2016-0703 | Med | 5.9 | < 0.9.8j-0.89.1 | 0.9.8j-0.89.1 | Mar 2, 2016 | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-mid | |
| CVE-2016-0800 | Med | 5.9 | < 0.9.8j-0.89.1 | 0.9.8j-0.89.1 | Mar 1, 2016 | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciph | |
| CVE-2015-3197 | Med | 5.9 | < 0.9.8j-0.89.1 | 0.9.8j-0.89.1 | Feb 15, 2016 | ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_clien | |
| CVE-2015-3195 | Med | 5.3 | < 0.9.8j-0.80.1 | 0.9.8j-0.80.1 | Dec 6, 2015 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information fro | |
| CVE-2015-0287 | — | < 0.9.8j-0.74.1 | 0.9.8j-0.74.1 | Mar 19, 2015 | The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write opera |
- affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (
- affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA privat
- affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a craft
- affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-mid
- affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciph
- affected < 0.9.8j-0.89.1fixed 0.9.8j-0.89.1
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_clien
- affected < 0.9.8j-0.80.1fixed 0.9.8j-0.80.1
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information fro
- CVE-2015-0287Mar 19, 2015affected < 0.9.8j-0.74.1fixed 0.9.8j-0.74.1
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write opera
Page 2 of 2