rpm package
suse/openssl&distro=SUSE Enterprise Storage 5
pkg:rpm/suse/openssl&distro=SUSE%20Enterprise%20Storage%205
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-1971 | Med | 5.9 | < 1.0.2j-60.63.1 | 1.0.2j-60.63.1 | Dec 8, 2020 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi | |
| CVE-2019-1551 | Med | 5.3 | < 1.0.2j-60.60.1 | 1.0.2j-60.60.1 | Dec 6, 2019 | There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult | |
| CVE-2019-1563 | Low | 3.7 | < 1.0.2j-60.55.1 | 1.0.2j-60.55.1 | Sep 10, 2019 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th | |
| CVE-2019-1547 | Med | 4.7 | < 1.0.2j-60.55.1 | 1.0.2j-60.55.1 | Sep 10, 2019 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g |
- affected < 1.0.2j-60.63.1fixed 1.0.2j-60.63.1
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi
- affected < 1.0.2j-60.60.1fixed 1.0.2j-60.60.1
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult
- affected < 1.0.2j-60.55.1fixed 1.0.2j-60.55.1
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th
- affected < 1.0.2j-60.55.1fixed 1.0.2j-60.55.1
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g