Описание
Security update for OpenSSL
This OpenSSL update fixes the following issues:
Security Issues:
Список пакетов
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP1-TERADATA
Ссылки
- Link for SUSE-SU-2015:1184-1
- E-Mail link for SUSE-SU-2015:1184-1
- SUSE Security Ratings
- SUSE Bug 608666
- SUSE Bug 629905
- SUSE Bug 651003
- SUSE Bug 657663
- SUSE Bug 670526
- SUSE Bug 693027
- SUSE Bug 716144
- SUSE Bug 739719
- SUSE Bug 742821
- SUSE Bug 743344
- SUSE Bug 748738
- SUSE Bug 749210
- SUSE Bug 749213
- SUSE Bug 749735
- SUSE Bug 751946
- SUSE Bug 751977
- SUSE Bug 755395
Описание
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Затронутые продукты
Ссылки
- CVE-2006-7250
- SUSE Bug 748738
- SUSE Bug 883307
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Затронутые продукты
Ссылки
- CVE-2009-5146
- SUSE Bug 915976
- SUSE Bug 919648
- SUSE Bug 922647
Описание
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
Затронутые продукты
Ссылки
- CVE-2010-2939
- SUSE Bug 489641
- SUSE Bug 629905
Описание
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Затронутые продукты
Ссылки
- CVE-2010-3864
- SUSE Bug 629905
- SUSE Bug 651003
Описание
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Затронутые продукты
Ссылки
- CVE-2010-4180
- SUSE Bug 657663
- SUSE Bug 674017
- SUSE Bug 711693
- SUSE Bug 724729
- SUSE Bug 799454
Описание
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Затронутые продукты
Ссылки
- CVE-2011-0014
- SUSE Bug 670526
Описание
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
Затронутые продукты
Ссылки
- CVE-2011-1945
- SUSE Bug 693027
Описание
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
Затронутые продукты
Ссылки
- CVE-2011-3210
- SUSE Bug 716144
- SUSE Bug 854391
Описание
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Затронутые продукты
Ссылки
- CVE-2011-4108
- SUSE Bug 739719
- SUSE Bug 742821
- SUSE Bug 758060
- SUSE Bug 778825
- SUSE Bug 854391
Описание
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Затронутые продукты
Ссылки
- CVE-2011-4109
- SUSE Bug 739719
- SUSE Bug 758060
- SUSE Bug 854391
Описание
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Затронутые продукты
Ссылки
- CVE-2011-4576
- SUSE Bug 739719
- SUSE Bug 758060
- SUSE Bug 778825
- SUSE Bug 854391
Описание
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
Затронутые продукты
Ссылки
- CVE-2011-4577
- SUSE Bug 739719
- SUSE Bug 758060
- SUSE Bug 854391
Описание
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2011-4619
- SUSE Bug 739719
- SUSE Bug 758060
- SUSE Bug 799454
- SUSE Bug 854391
Описание
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
Затронутые продукты
Ссылки
- CVE-2011-5095
- SUSE Bug 768097
- SUSE Bug 773908
Описание
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Затронутые продукты
Ссылки
- CVE-2012-0050
- SUSE Bug 739719
- SUSE Bug 742821
- SUSE Bug 758060
Описание
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Затронутые продукты
Ссылки
- CVE-2012-0884
- SUSE Bug 749210
- SUSE Bug 749735
- SUSE Bug 751977
- SUSE Bug 754640
- SUSE Bug 761819
- SUSE Bug 854391
Описание
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Затронутые продукты
Ссылки
- CVE-2012-1165
- SUSE Bug 749210
- SUSE Bug 749213
- SUSE Bug 751946
- SUSE Bug 754640
- SUSE Bug 854391
Описание
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Затронутые продукты
Ссылки
- CVE-2012-2110
- SUSE Bug 758060
- SUSE Bug 778825
- SUSE Bug 854391
Описание
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Затронутые продукты
Ссылки
- CVE-2012-2333
- SUSE Bug 761838
- SUSE Bug 763341
- SUSE Bug 854391
- SUSE Bug 905106
Описание
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Затронутые продукты
Ссылки
- CVE-2013-0166
- SUSE Bug 802648
- SUSE Bug 802746
- SUSE Bug 813366
- SUSE Bug 821818
- SUSE Bug 833408
- SUSE Bug 854391
- SUSE Bug 905106
Описание
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Затронутые продукты
Ссылки
- CVE-2013-0169
- SUSE Bug 1070148
- SUSE Bug 1103036
- SUSE Bug 1103597
- SUSE Bug 802184
- SUSE Bug 802648
- SUSE Bug 802746
- SUSE Bug 803379
- SUSE Bug 804654
- SUSE Bug 809839
- SUSE Bug 813366
- SUSE Bug 813939
- SUSE Bug 821818
- SUSE Bug 905106
- SUSE Bug 977584
- SUSE Bug 977616
- SUSE Bug 984977
Описание
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Затронутые продукты
Ссылки
- CVE-2014-0076
- SUSE Bug 869945
- SUSE Bug 880891
- SUSE Bug 883126
- SUSE Bug 885777
- SUSE Bug 905106
Описание
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
Затронутые продукты
Ссылки
- CVE-2014-0221
- SUSE Bug 880891
- SUSE Bug 883126
- SUSE Bug 885777
- SUSE Bug 905106
- SUSE Bug 915913
Описание
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Затронутые продукты
Ссылки
- CVE-2014-0224
- SUSE Bug 1146657
- SUSE Bug 880891
- SUSE Bug 881743
- SUSE Bug 883126
- SUSE Bug 885777
- SUSE Bug 892403
- SUSE Bug 901237
- SUSE Bug 903703
- SUSE Bug 905018
- SUSE Bug 905106
- SUSE Bug 914447
- SUSE Bug 915913
- SUSE Bug 916239
Описание
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Затронутые продукты
Ссылки
- CVE-2014-3470
- SUSE Bug 880891
- SUSE Bug 883126
- SUSE Bug 885777
- SUSE Bug 905106
- SUSE Bug 915913
Описание
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
Затронутые продукты
Ссылки
- CVE-2014-3505
- SUSE Bug 890759
- SUSE Bug 890764
- SUSE Bug 890767
- SUSE Bug 905106
Описание
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
Затронутые продукты
Ссылки
- CVE-2014-3506
- SUSE Bug 890759
- SUSE Bug 890764
- SUSE Bug 890768
- SUSE Bug 905106
Описание
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
Затронутые продукты
Ссылки
- CVE-2014-3507
- SUSE Bug 890759
- SUSE Bug 890764
- SUSE Bug 890769
- SUSE Bug 905106
Описание
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
Затронутые продукты
Ссылки
- CVE-2014-3508
- SUSE Bug 890759
- SUSE Bug 890764
- SUSE Bug 905106
- SUSE Bug 950708
Описание
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
Затронутые продукты
Ссылки
- CVE-2014-3510
- SUSE Bug 890759
- SUSE Bug 890764
- SUSE Bug 890770
- SUSE Bug 905106
Описание
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Затронутые продукты
Ссылки
- CVE-2014-3513
- SUSE Bug 901277
Описание
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Затронутые продукты
Ссылки
- CVE-2014-3566
- SUSE Bug 1011293
- SUSE Bug 1031023
- SUSE Bug 901223
- SUSE Bug 901254
- SUSE Bug 901277
- SUSE Bug 901748
- SUSE Bug 901757
- SUSE Bug 901759
- SUSE Bug 901889
- SUSE Bug 901968
- SUSE Bug 902229
- SUSE Bug 902233
- SUSE Bug 902476
- SUSE Bug 903405
- SUSE Bug 903684
- SUSE Bug 904889
- SUSE Bug 905106
- SUSE Bug 914041
- SUSE Bug 994144
Описание
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Затронутые продукты
Ссылки
- CVE-2014-3567
- SUSE Bug 877506
- SUSE Bug 901277
- SUSE Bug 905106
Описание
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
Затронутые продукты
Ссылки
- CVE-2014-3568
- SUSE Bug 901277
- SUSE Bug 905106
- SUSE Bug 911399
- SUSE Bug 986238
Описание
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
Затронутые продукты
Ссылки
- CVE-2014-3570
- SUSE Bug 912296
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
- SUSE Bug 944456
Описание
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
Затронутые продукты
Ссылки
- CVE-2014-3571
- SUSE Bug 912294
- SUSE Bug 915848
- SUSE Bug 927623
Описание
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
Затронутые продукты
Ссылки
- CVE-2014-3572
- SUSE Bug 912015
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
Описание
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
Затронутые продукты
Ссылки
- CVE-2014-8275
- SUSE Bug 912018
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
Описание
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Затронутые продукты
Ссылки
- CVE-2015-0204
- SUSE Bug 912014
- SUSE Bug 920482
- SUSE Bug 920484
- SUSE Bug 927591
- SUSE Bug 927623
- SUSE Bug 936787
- SUSE Bug 952088
Описание
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
Затронутые продукты
Ссылки
- CVE-2015-0205
- SUSE Bug 912293
- SUSE Bug 915848
- SUSE Bug 927623
- SUSE Bug 937891
Описание
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
Затронутые продукты
Ссылки
- CVE-2015-0209
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 936586
- SUSE Bug 937891
Описание
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
Затронутые продукты
Ссылки
- CVE-2015-0286
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922496
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 951391
Описание
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Затронутые продукты
Ссылки
- CVE-2015-0287
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922499
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 968888
- SUSE Bug 991722
Описание
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
Затронутые продукты
Ссылки
- CVE-2015-0288
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 920236
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 951391
Описание
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
Затронутые продукты
Ссылки
- CVE-2015-0289
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922500
- SUSE Bug 936586
- SUSE Bug 937891
Описание
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-0292
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922501
- SUSE Bug 936586
Описание
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
Затронутые продукты
Ссылки
- CVE-2015-0293
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922488
- SUSE Bug 936586
- SUSE Bug 968044
- SUSE Bug 968051
- SUSE Bug 968053
- SUSE Bug 986238
Описание
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Затронутые продукты
Ссылки
- CVE-2015-1788
- SUSE Bug 934487
- SUSE Bug 934666
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 938432
Описание
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Затронутые продукты
Ссылки
- CVE-2015-1789
- SUSE Bug 934489
- SUSE Bug 934666
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 938432
- SUSE Bug 951391
Описание
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
Затронутые продукты
Ссылки
- CVE-2015-1790
- SUSE Bug 934491
- SUSE Bug 934666
- SUSE Bug 936586
- SUSE Bug 938432
Описание
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Затронутые продукты
Ссылки
- CVE-2015-1791
- SUSE Bug 933911
- SUSE Bug 934666
- SUSE Bug 986238
- SUSE Bug 989464
Описание
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
Затронутые продукты
Ссылки
- CVE-2015-1792
- SUSE Bug 934493
- SUSE Bug 934666
- SUSE Bug 937891
- SUSE Bug 986238
Описание
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
Затронутые продукты
Ссылки
- CVE-2015-3216
- SUSE Bug 933898
Описание
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Затронутые продукты
Ссылки
- CVE-2015-4000
- SUSE Bug 1074631
- SUSE Bug 1211968
- SUSE Bug 931600
- SUSE Bug 931698
- SUSE Bug 931723
- SUSE Bug 931845
- SUSE Bug 932026
- SUSE Bug 932483
- SUSE Bug 934789
- SUSE Bug 935033
- SUSE Bug 935540
- SUSE Bug 935979
- SUSE Bug 937202
- SUSE Bug 937766
- SUSE Bug 938248
- SUSE Bug 938432
- SUSE Bug 938895
- SUSE Bug 938905
- SUSE Bug 938906