suse/openssl&distro=SUSE Manager 2.1

Vulnerabilities (23)

• CVE-2016-0703MedMar 2, 2016
  affected < 0.9.8j-0.91.1fixed 0.9.8j-0.91.1

  The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-mid

• CVE-2016-0800MedMar 1, 2016
  affected < 0.9.8j-0.91.1fixed 0.9.8j-0.91.1

  The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciph

• CVE-2015-3197MedFeb 15, 2016
  affected < 0.9.8j-0.91.1fixed 0.9.8j-0.91.1

  ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_clien