Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201110-01
HistoryOct 09, 2011 - 12:00 a.m.

OpenSSL: Multiple vulnerabilities

2011-10-0900:00:00
Gentoo Foundation
security.gentoo.org
29

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.4%

JSON

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/openssl< 1.0.0eUNKNOWN

Related

nessus 48
openvas 73
fedora 16
securityvulns 6
freebsd 1
ubuntu 1
altlinux 13
freebsd_advisory 1
slackware 4
seebug 2
oraclelinux 5
ibm 6
debian 1
redhat 3
centos 2
checkpoint_advisories 2
cve 4
prion 2
openssl 1
f5 3
ubuntucve 1
amazon 1
debiancve 1
veracode 1
exploitpack 1
nessus
nessus
GLSA-201110-01 : OpenSSL: Multiple vulnerabilities
2011-10-10 00:00:00
Fedora 13 : openssl-1.0.0-1.fc13 (2010-5744)
2010-07-01 00:00:00
AIX OpenSSL Advisory : openssl_advisory.asc
2014-04-16 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201110-01 (openssl)
2012-02-12 00:00:00
Gentoo Security Advisory GLSA 201110-01 (openssl)
2012-02-12 00:00:00
Fedora Update for openssl FEDORA-2011-1255
2011-03-24 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: openssl-1.0.0d-1.fc13
2011-03-17 18:49:43
[SECURITY] Fedora 14 Update: openssl-1.0.0e-1.fc14
2011-09-10 23:55:13
[SECURITY] Fedora 13 Update: openssl-1.0.0-1.fc13
2010-04-09 03:42:47
securityvulns
securityvulns
[ MDVSA-2010:076-1 ] openssl
2010-04-22 00:00:00
OpenSSL security vulnerabilities
2011-10-16 00:00:00
OpenSSL DoS confitions
2010-04-22 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2011-09-06 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2010-10-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package openssl10 version 0.9.8n-alt1
2010-03-25 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8n-alt1
2010-03-25 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8n-alt1
2010-03-25 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-10:10.openssl
2010-11-29 00:00:00
slackware
slackware
[slackware-security] openssl
2010-03-31 21:03:53
[slackware-security] openssl
2010-11-22 07:07:48
[slackware-security] openssl
2010-12-07 07:14:58
seebug
seebug
OpenSSL Cryptographic Message Syntax &quot;OriginatorInfo&quot; Vulnerability
2010-06-03 00:00:00
OpenSSL - Remote DoS
2014-07-01 00:00:00
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2011-05-28 00:00:00
openssl security update
2011-02-10 00:00:00
openssl security update
2010-12-13 00:00:00
ibm
ibm
Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0
2022-09-25 23:13:40
Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.
2018-06-18 00:07:41
Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL
2022-09-25 20:45:36
debian
debian
[BSA-060] Security Update for openssl
2011-11-14 04:20:38
redhat
redhat
(RHSA-2010:0162) Important: openssl security update
2010-03-25 00:00:00
(RHSA-2010:0977) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2011:1409) Moderate: openssl security update
2011-10-26 00:00:00
centos
centos
openssl security update
2011-01-27 09:11:13
openssl security update
2010-03-27 17:30:13
checkpoint_advisories
checkpoint_advisories
OpenSSL Handshake Sequence Cipher Suite Use-After-Free (CVE-2011-3210)
2012-05-14 00:00:00
OpenSSL TLS Connection Record Handling Denial of Service - Ver2 (CVE-2010-0740)
2014-12-28 00:00:00
cve
cve
CVE-2011-3210
2011-09-22 10:55:00
CVE-2011-3207
2011-09-22 10:55:00
CVE-2010-0740
2010-03-26 18:30:00
prion
prion
Design/Logic Flaw
2011-09-22 10:55:00
Null pointer dereference
2010-03-26 18:30:00
openssl
openssl
Vulnerability in OpenSSL CVE-2011-3207
2011-09-06 00:00:00
f5
f5
K11533 : OpenSSL vulnerability CVE-2010-0740
2013-07-03 00:00:00
K15318 : OpenSSL vulnerability CVE-2011-3207
2014-06-05 00:00:00
SOL15318 - OpenSSL vulnerability CVE-2011-3207
2014-06-05 00:00:00
ubuntucve
ubuntucve
CVE-2011-3207
2011-09-22 00:00:00
amazon
amazon
Medium: openssl
2011-10-10 23:40:00
debiancve
debiancve
CVE-2011-3207
2011-09-22 10:55:00
veracode
veracode
CRL Validation Bypass
2020-04-10 01:07:24
exploitpack
exploitpack
OpenSSL - Remote Denial of Service
2010-04-22 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.4%

JSON
Related for GLSA-201110-01
nessus48openvas73fedora16securityvulns6freebsd1ubuntu1altlinux13freebsd_advisory1slackware4seebug2oraclelinux5ibm6debian1redhat3centos2checkpoint_advisories2cve4prion2openssl1f53ubuntucve1amazon1debiancve1veracode1exploitpack1