Lucene search
AmazonALAS-2012-072HistoryMay 02, 2012 - 12:28 p.m.
Important: openssl
2012-05-0212:28:00
alas.aws.amazon.com
15
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.11 Low
EPSS
Percentile
95.1%
Issue Overview:
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL’s I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)
Affected Packages:
openssl
Issue Correction:
Run yum update openssl to update your system.
New Packages:
i686:
openssl-static-1.0.0i-1.41.amzn1.i686
openssl-devel-1.0.0i-1.41.amzn1.i686
openssl-1.0.0i-1.41.amzn1.i686
openssl-perl-1.0.0i-1.41.amzn1.i686
openssl-debuginfo-1.0.0i-1.41.amzn1.i686
src:
openssl-1.0.0i-1.41.amzn1.src
x86_64:
openssl-devel-1.0.0i-1.41.amzn1.x86_64
openssl-perl-1.0.0i-1.41.amzn1.x86_64
openssl-static-1.0.0i-1.41.amzn1.x86_64
openssl-debuginfo-1.0.0i-1.41.amzn1.x86_64
openssl-1.0.0i-1.41.amzn1.x86_64
Additional References
Red Hat: CVE-2012-2110
Mitre: CVE-2012-2110
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | openssl-static | < 1.0.0i-1.41.amzn1 | openssl-static-1.0.0i-1.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl-devel | < 1.0.0i-1.41.amzn1 | openssl-devel-1.0.0i-1.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl | < 1.0.0i-1.41.amzn1 | openssl-1.0.0i-1.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl-perl | < 1.0.0i-1.41.amzn1 | openssl-perl-1.0.0i-1.41.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl-debuginfo | < 1.0.0i-1.41.amzn1 | openssl-debuginfo-1.0.0i-1.41.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | openssl-devel | < 1.0.0i-1.41.amzn1 | openssl-devel-1.0.0i-1.41.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl-perl | < 1.0.0i-1.41.amzn1 | openssl-perl-1.0.0i-1.41.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl-static | < 1.0.0i-1.41.amzn1 | openssl-static-1.0.0i-1.41.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl-debuginfo | < 1.0.0i-1.41.amzn1 | openssl-debuginfo-1.0.0i-1.41.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl | < 1.0.0i-1.41.amzn1 | openssl-1.0.0i-1.41.amzn1.x86_64.rpm |
Related
nessus
nessus
Amazon Linux AMI : openssl (ALAS-2012-72)
2013-09-04 00:00:00
OpenSSL 1.0.0 < 1.0.0i ASN.1 asn1_d2i_read_bio Memory Corruption
2012-04-19 00:00:00
Fedora 17 : openssl-1.0.0i-1.fc17 (2012-6343)
2012-04-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.0i-alt1
2012-04-19 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0i-alt1
2012-04-19 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0i-alt1
2012-04-19 00:00:00
openvas
openvas
Fedora Update for openssl FEDORA-2012-6343
2012-08-30 00:00:00
RedHat Update for openssl RHSA-2012:0518-01
2012-04-26 00:00:00
Fedora Update for openssl FEDORA-2012-6343
2012-08-30 00:00:00
ubuntucve
ubuntucve
CVE-2012-2110
2012-04-19 00:00:00
CVE-2012-2131
2012-04-24 00:00:00
debiancve
debiancve
CVE-2012-2110
2012-04-19 17:55:00
CVE-2012-2131
2012-04-24 20:55:00
threatpost
threatpost
E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm
2012-04-24 21:33:10
OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug
2012-04-24 19:17:06
New Java Malware Exploits Both Windows And Mac Users
2012-04-24 17:37:49
oraclelinux
oraclelinux
openssl security update
2012-05-08 00:00:00
openssl security update
2012-04-25 00:00:00
openssl097a and openssl098e security update
2014-06-05 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2012-2110
2012-04-19 00:00:00
Vulnerability in OpenSSL CVE-2012-2131
2012-04-24 00:00:00
freebsd
freebsd
OpenSSL -- integer conversions result in memory corruption
2012-04-19 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
centos
centos
openssl, openssl097a, openssl098e security update
2012-04-25 01:22:21
seebug
seebug
OpenSSL "asn1_d2i_read_bio()" DER格式数据处理漏洞
2012-04-22 00:00:00
OpenSSL ASN1 BIO Memory Corruption Vulnerability
2014-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: openssl-1.0.0i-1.fc17
2012-04-26 20:07:43
[SECURITY] Fedora 16 Update: openssl-1.0.0i-1.fc16
2012-04-27 20:50:05
[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16
2012-06-03 00:00:32
veracode
veracode
Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow
2017-02-09 00:33:40
Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow
2019-01-15 08:50:55
exploitpack
exploitpack
OpenSSL - ASN1 BIO Memory Corruption
2012-04-19 00:00:00
redhat
redhat
(RHSA-2012:0518) Important: openssl security update
2012-04-24 00:00:00
(RHSA-2012:0522) Important: openssl security update
2012-04-25 00:00:00
(RHSA-2012:1308) Important: openssl security update
2012-09-24 15:54:31
prion
prion
Buffer overflow
2012-04-19 17:55:00
Integer overflow
2012-04-24 20:55:00
f5
f5
SOL16285 - OpenSSL vulnerability CVE-2012-2110
2015-04-09 00:00:00
K16285 : OpenSSL vulnerability CVE-2012-2110
2015-07-24 00:00:00
cve
cve
CVE-2012-2110
2012-04-19 17:55:00
CVE-2012-2131
2012-04-24 20:55:00
amazon
amazon
Important: openssl098e
2012-05-02 12:31:00
suse
suse
Security update for compat-openssl097g (important)
2012-09-18 15:08:35
Security update for openssl (important)
2012-05-23 01:08:20
Security update for compat-openssl097g (important)
2012-09-12 07:08:33
securityvulns
securityvulns
[ MDVSA-2012:064 ] openssl0.9.8
2012-04-24 00:00:00
OpenSSL memory corruption
2012-04-24 00:00:00
RSA BSAFE security vulnerabilities
2012-10-29 00:00:00
vmware
vmware
debian
debian
[SECURITY] [DSA 2454-2] openssl incomplete fix
2012-04-25 02:03:10
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
checkpoint_security
checkpoint_security
ubuntu
ubuntu
OpenSSL vulnerability
2012-04-24 00:00:00
OpenSSL vulnerabilities
2012-04-19 00:00:00
exploitdb
exploitdb
OpenSSL - ASN1 BIO Memory Corruption
2012-04-19 00:00:00
osv
osv
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
ibm
ibm
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.11 Low
EPSS
Percentile
95.1%
Related for ALAS-2012-072