Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201312-03
HistoryDec 03, 2013 - 12:00 a.m.

OpenSSL: Multiple Vulnerabilities

2013-12-0300:00:00
Gentoo Foundation
security.gentoo.org
24

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.143

Percentile

95.8%

JSON

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 1.0.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8y"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/openssl< 1.0.0jUNKNOWN

Related

openvas 72
nessus 54
aix 2
securityvulns 3
fedora 11
ubuntu 5
ibm 8
freebsd 2
slackware 1
debian 2
cve 2
f5 3
cvelist 1
prion 1
ubuntucve 3
debiancve 1
nvd 2
oraclelinux 3
centos 3
amazon 2
redhat 7
altlinux 5
osv 3
freebsd_advisory 1
suse 1
cert 1
openvas
openvas
Gentoo Security Advisory GLSA 201312-03
2015-09-29 00:00:00
Mandriva Update for openssl MDVSA-2012:038 (openssl)
2012-08-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0479-1)
2021-06-09 00:00:00
nessus
nessus
GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
AIX OpenSSL Advisory : openssl_advisory4.asc
2014-04-16 00:00:00
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)
2012-04-20 00:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
Multiple OpenSSL vulnerabilities
2013-03-15 03:20:11
securityvulns
securityvulns
[ MDVSA-2012:038 ] openssl
2012-04-02 00:00:00
[SECURITY] [DSA 2454-1] openssl security update
2012-04-22 00:00:00
OpenSSL security vulnerabilities
2012-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16
2012-06-03 00:00:32
[SECURITY] Fedora 17 Update: openssl-1.0.0k-1.fc17
2013-03-08 00:02:36
[SECURITY] Fedora 15 Update: openssl-1.0.0j-1.fc15
2012-06-03 00:02:27
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-04-19 00:00:00
OpenSSL vulnerabilities
2013-02-21 00:00:00
OpenSSL vulnerabilities
2012-05-24 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in ClearCase OpenSSL Component (CVE-2013-0169, CVE-2012-2686, CVE-2013-0166)
2018-06-17 04:46:06
Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by multiple OpenSSL vulnerabilities
2022-09-26 05:45:55
Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c
2022-09-25 21:06:56
freebsd
freebsd
OpenSSL -- TLS 1.1, 1.2 denial of service
2013-02-05 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
slackware
slackware
openssl
2013-02-09 15:03:57
debian
debian
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
[SECURITY] [DSA 2621-1] openssl security update
2013-02-13 20:07:41
cve
cve
CVE-2012-1165
2012-03-15 17:55:00
CVE-2006-7250
2012-02-29 11:55:04
f5
f5
SOL13597 - OpenSSL vulnerability CVE-2012-1165
2012-05-21 00:00:00
K13597 : OpenSSL vulnerability CVE-2012-1165
2013-09-12 00:00:00
K15349 : OpenSSL 0.9.8t Denial of Service via S/MIME msg vulnerability CVE-2006-7250
2014-06-19 00:00:00
cvelist
cvelist
CVE-2012-1165
2012-03-15 17:00:00
prion
prion
Null pointer dereference
2012-03-15 17:55:00
ubuntucve
ubuntucve
CVE-2012-1165
2012-03-15 00:00:00
CVE-2012-2686
2013-02-08 00:00:00
CVE-2006-7250
2012-02-29 00:00:00
debiancve
debiancve
CVE-2012-1165
2012-03-15 17:55:00
nvd
nvd
CVE-2012-1165
2012-03-15 17:55:00
CVE-2006-7250
2012-02-29 11:55:04
oraclelinux
oraclelinux
openssl security and bug fix update
2012-05-29 00:00:00
openssl security and bug fix update
2012-03-27 00:00:00
openssl security update
2013-03-04 00:00:00
centos
centos
openssl security update
2012-05-29 22:40:25
openssl security update
2012-03-28 00:47:32
openssl security update
2013-03-04 22:46:45
amazon
amazon
Medium: openssl
2012-04-05 12:49:00
Medium: openssl
2013-03-14 22:04:00
redhat
redhat
(RHSA-2012:0699) Moderate: openssl security and bug fix update
2012-05-29 00:00:00
(RHSA-2012:1306) Important: openssl security update
2012-09-24 15:52:11
(RHSA-2012:1307) Important: openssl security update
2012-09-24 15:53:22
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
osv
osv
openssl - several vulnerabilities
2013-02-13 00:00:00
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-13:03.openssl
2013-04-02 00:00:00
suse
suse
Security update for openssl (important)
2012-05-30 23:08:17
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.143

Percentile

95.8%

JSON
Related for GLSA-201312-03
openvas72nessus54aix2securityvulns3fedora11ubuntu5ibm8freebsd2slackware1debian2cve2f53cvelist1prion1ubuntucve3debiancve1nvd2oraclelinux3centos3amazon2redhat7altlinux5osv3freebsd_advisory1suse1cert1