CVSS3: 5.3 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.016 Low
Percentile: 87.2%

CentOS Errata and Security Advisory CESA-2015:2616
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and
CMS data. A remote attacker could use this flaw to cause an application
that parses PKCS#7 or CMS data from untrusted sources to use an excessive
amount of memory and possibly crash. (CVE-2015-3195)
All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.
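
The restart requirement can be checked on Linux after the upgrade: a process that loaded the old library still maps its file, which `/proc/<pid>/maps` marks as `(deleted)`. The script below is an added example, not part of the advisory; the function names, the `--scan` argument and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Finds processes that still map a
# libssl/libcrypto file that was replaced on disk and so need a restart.

# Read /proc/<pid>/maps-format text on stdin; print each deleted
# libssl/libcrypto path once. The path is field 6, "(deleted)" is field 7.
stale_ssl_maps() {
    awk '
        / \(deleted\)$/ {
            path = $6
            n = split(path, parts, "/")
            if (parts[n] ~ /^lib(ssl|crypto)\.so/ && !(path in seen)) {
                seen[path] = 1
                print path
            }
        }'
}

# Walk every readable process and report "pid command path".
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # Unreadable or vanished processes are skipped silently.
        stale=$( { stale_ssl_maps < "$maps"; } 2>/dev/null ) || continue
        [ -n "$stale" ] || continue
        comm=$(ps -p "$pid" -o comm= 2>/dev/null) || comm="?"
        for path in $stale; do
            echo "$pid $comm $path"
        done
    done
}

# Constructed sample of one process's maps file after the package upgrade.
sample_maps() {
    cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 1311 /usr/sbin/httpd
2b5e1000-2b62a000 r-xp 00000000 fd:00 9120 /lib64/libssl.so.0.9.8e (deleted)
2b62a000-2b82a000 ---p 00049000 fd:00 9120 /lib64/libssl.so.0.9.8e (deleted)
2b830000-2b95d000 r-xp 00000000 fd:00 9118 /lib64/libcrypto.so.0.9.8e (deleted)
2ba00000-2ba15000 r-xp 00000000 fd:00 9200 /lib64/libz.so.1.2.3
2bb00000-2bb01000 rw-s 00000000 fd:00 7001 /tmp/cache.db (deleted)
7fff0000-7fff5000 rw-p 00000000 00:00 0 [stack]
EOF
}

# "--scan" inspects the live system (run as root); default shows the sample.
if [ "${1:-}" = "--scan" ]; then scan_proc; else sample_maps | stale_ssl_maps; fi
```

Any process listed by `--scan` is still running the pre-update library code and has to be restarted for the fix to apply to it.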
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-December/083682.html
Affected packages:
openssl
openssl-devel
openssl-perl
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2616
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | openssl | < 0.9.8e-37.el5_11 | openssl-0.9.8e-37.el5_11.i386.rpm |
CentOS | 5 | i686 | openssl | < 0.9.8e-37.el5_11 | openssl-0.9.8e-37.el5_11.i686.rpm |
CentOS | 5 | x86_64 | openssl | < 0.9.8e-37.el5_11 | openssl-0.9.8e-37.el5_11.x86_64.rpm |
CentOS | 5 | i386 | openssl-devel | < 0.9.8e-37.el5_11 | openssl-devel-0.9.8e-37.el5_11.i386.rpm |
CentOS | 5 | x86_64 | openssl-devel | < 0.9.8e-37.el5_11 | openssl-devel-0.9.8e-37.el5_11.x86_64.rpm |
CentOS | 5 | i386 | openssl-perl | < 0.9.8e-37.el5_11 | openssl-perl-0.9.8e-37.el5_11.i386.rpm |
CentOS | 5 | x86_64 | openssl-perl | < 0.9.8e-37.el5_11 | openssl-perl-0.9.8e-37.el5_11.x86_64.rpm |