Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 Tenable Network Security, Inc.OPENSUSE-2015-507.NASL
HistoryJul 27, 2015 - 12:00 a.m.

openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)

2015-07-2700:00:00
This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.
www.tenable.com
9
JSON

libressl was updated to version 2.2.1 to fix 16 security issues.

LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL.

These security issues were fixed :

  • CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (bsc#912296).

  • CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (bsc#912015).

  • CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function (bsc#934493).

  • CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain constraints on certificate data, which allowed remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate’s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (bsc#912018).

  • CVE-2015-0209: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (bsc#919648).

  • CVE-2015-1789: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback (bsc#934489).

  • CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b did not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allowed remote attackers to cause a denial of service (infinite loop) via a session that used an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication (bsc#934487).

  • CVE-2015-1790: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner EncryptedContent data (bsc#934491).

  • CVE-2015-0287: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not reinitialize CHOICE and ADB data structures, which might allowed attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (bsc#922499).

  • CVE-2015-0286: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly perform boolean-type comparisons, which allowed remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that used the certificate-verification feature (bsc#922496).

  • CVE-2015-0289: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly handle a lack of outer ContentInfo, which allowed attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (bsc#922500).

  • CVE-2015-0288: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (bsc#920236).

  • CVE-2014-8176: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allowed remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data (bsc#934494).

  • CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the ‘Logjam’ issue (bsc#931600).

  • CVE-2015-0205: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allowed remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (bsc#912293).

  • CVE-2015-0206: Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (bsc#912292).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-507.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84998);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2014-3570",
    "CVE-2014-3572",
    "CVE-2014-8176",
    "CVE-2014-8275",
    "CVE-2015-0205",
    "CVE-2015-0206",
    "CVE-2015-0209",
    "CVE-2015-0286",
    "CVE-2015-0287",
    "CVE-2015-0288",
    "CVE-2015-0289",
    "CVE-2015-1788",
    "CVE-2015-1789",
    "CVE-2015-1790",
    "CVE-2015-1792",
    "CVE-2015-4000"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"libressl was updated to version 2.2.1 to fix 16 security issues.

LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL
often also affect LibreSSL.

These security issues were fixed :

  - CVE-2014-3570: The BN_sqr implementation in OpenSSL
    before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before
    1.0.1k did not properly calculate the square of a BIGNUM
    value, which might make it easier for remote attackers
    to defeat cryptographic protection mechanisms via
    unspecified vectors, related to crypto/bn/asm/mips.pl,
    crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c
    (bsc#912296).

  - CVE-2014-3572: The ssl3_get_key_exchange function in
    s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before
    1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL
    servers to conduct ECDHE-to-ECDH downgrade attacks and
    trigger a loss of forward secrecy by omitting the
    ServerKeyExchange message (bsc#912015).

  - CVE-2015-1792: The do_free_upto function in
    crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0
    before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before
    1.0.2b allowed remote attackers to cause a denial of
    service (infinite loop) via vectors that trigger a NULL
    value of a BIO data structure, as demonstrated by an
    unrecognized X.660 OID for a hash function (bsc#934493).

  - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before
    1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain
    constraints on certificate data, which allowed remote
    attackers to defeat a fingerprint-based
    certificate-blacklist protection mechanism by including
    crafted data within a certificate's unsigned portion,
    related to crypto/asn1/a_verify.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and
    crypto/x509/x_all.c (bsc#912018).

  - CVE-2015-0209: Use-after-free vulnerability in the
    d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in
    OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1
    before 1.0.1m, and 1.0.2 before 1.0.2a might allowed
    remote attackers to cause a denial of service (memory
    corruption and application crash) or possibly have
    unspecified other impact via a malformed Elliptic Curve
    (EC) private-key file that is improperly handled during
    import (bsc#919648).

  - CVE-2015-1789: The X509_cmp_time function in
    crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0
    before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before
    1.0.2b allowed remote attackers to cause a denial of
    service (out-of-bounds read and application crash) via a
    crafted length field in ASN1_TIME data, as demonstrated
    by an attack against a server that supports client
    authentication with a custom verification callback
    (bsc#934489).

  - CVE-2015-1788: The BN_GF2m_mod_inv function in
    crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0
    before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before
    1.0.2b did not properly handle ECParameters structures
    in which the curve is over a malformed binary polynomial
    field, which allowed remote attackers to cause a denial
    of service (infinite loop) via a session that used an
    Elliptic Curve algorithm, as demonstrated by an attack
    against a server that supports client authentication
    (bsc#934487).

  - CVE-2015-1790: The PKCS7_dataDecodefunction in
    crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0
    before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before
    1.0.2b allowed remote attackers to cause a denial of
    service (NULL pointer dereference and application crash)
    via a PKCS#7 blob that used ASN.1 encoding and lacks
    inner EncryptedContent data (bsc#934491).

  - CVE-2015-0287: The ASN1_item_ex_d2i function in
    crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0
    before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before
    1.0.2a did not reinitialize CHOICE and ADB data
    structures, which might allowed attackers to cause a
    denial of service (invalid write operation and memory
    corruption) by leveraging an application that relies on
    ASN.1 structure reuse (bsc#922499).

  - CVE-2015-0286: The ASN1_TYPE_cmp function in
    crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0
    before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before
    1.0.2a did not properly perform boolean-type
    comparisons, which allowed remote attackers to cause a
    denial of service (invalid read operation and
    application crash) via a crafted X.509 certificate to an
    endpoint that used the certificate-verification feature
    (bsc#922496).

  - CVE-2015-0289: The PKCS#7 implementation in OpenSSL
    before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before
    1.0.1m, and 1.0.2 before 1.0.2a did not properly handle
    a lack of outer ContentInfo, which allowed attackers to
    cause a denial of service (NULL pointer dereference and
    application crash) by leveraging an application that
    processes arbitrary PKCS#7 data and providing malformed
    data with ASN.1 encoding, related to
    crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c
    (bsc#922500).

  - CVE-2015-0288: The X509_to_X509_REQ function in
    crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0
    before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before
    1.0.2a might allowed attackers to cause a denial of
    service (NULL pointer dereference and application crash)
    via an invalid certificate key (bsc#920236).

  - CVE-2014-8176: The dtls1_clear_queues function in
    ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before
    1.0.0m, and 1.0.1 before 1.0.1h frees data structures
    without considering that application data can arrive
    between a ChangeCipherSpec message and a Finished
    message, which allowed remote DTLS peers to cause a
    denial of service (memory corruption and application
    crash) or possibly have unspecified other impact via
    unexpected application data (bsc#934494).

  - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a
    DHE_EXPORT ciphersuite is enabled on a server but not on
    a client, did not properly convey a DHE_EXPORT choice,
    which allowed man-in-the-middle attackers to conduct
    cipher-downgrade attacks by rewriting a ClientHello with
    DHE replaced by DHE_EXPORT and then rewriting a
    ServerHello with DHE_EXPORT replaced by DHE, aka the
    'Logjam' issue (bsc#931600).

  - CVE-2015-0205: The ssl3_get_cert_verify function in
    s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1
    before 1.0.1k accepts client authentication with a
    Diffie-Hellman (DH) certificate without requiring a
    CertificateVerify message, which allowed remote
    attackers to obtain access without knowledge of a
    private key via crafted TLS Handshake Protocol traffic
    to a server that recognizes a Certification Authority
    with DH support (bsc#912293).

  - CVE-2015-0206: Memory leak in the dtls1_buffer_record
    function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and
    1.0.1 before 1.0.1k allowed remote attackers to cause a
    denial of service (memory consumption) by sending many
    duplicate records for the next epoch, leading to failure
    of replay detection (bsc#912292).");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912015");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912018");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912292");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912293");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912296");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=919648");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920236");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922496");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922499");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922500");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=931600");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=934487");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=934489");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=934491");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=934493");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=934494");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=937891");
  script_set_attribute(attribute:"solution", value:
"Update the affected libressl packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto34");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto34-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libressl-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl33");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl33-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl33-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"libcrypto34-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libcrypto34-debuginfo-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libressl-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libressl-debuginfo-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libressl-debugsource-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libressl-devel-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libssl33-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libssl33-debuginfo-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libtls4-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libtls4-debuginfo-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libcrypto34-32bit-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libcrypto34-debuginfo-32bit-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libressl-devel-32bit-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libssl33-32bit-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libssl33-debuginfo-32bit-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libtls4-32bit-2.2.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libtls4-debuginfo-32bit-2.2.1-2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcrypto34 / libcrypto34-32bit / libcrypto34-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuselibcrypto34p-cpe:/a:novell:opensuse:libcrypto34
novellopensuselibcrypto34-32bitp-cpe:/a:novell:opensuse:libcrypto34-32bit
novellopensuselibcrypto34-debuginfop-cpe:/a:novell:opensuse:libcrypto34-debuginfo
novellopensuselibcrypto34-debuginfo-32bitp-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit
novellopensuselibresslp-cpe:/a:novell:opensuse:libressl
novellopensuselibressl-debuginfop-cpe:/a:novell:opensuse:libressl-debuginfo
novellopensuselibressl-debugsourcep-cpe:/a:novell:opensuse:libressl-debugsource
novellopensuselibressl-develp-cpe:/a:novell:opensuse:libressl-devel
novellopensuselibressl-devel-32bitp-cpe:/a:novell:opensuse:libressl-devel-32bit
novellopensuselibssl33p-cpe:/a:novell:opensuse:libssl33
Rows per page:
1-10 of 181

References

Related

suse 5
openvas 30
ibm 60
fedora 6
nessus 44
freebsd 1
freebsd_advisory 1
osv 4
fortinet 1
debian 7
aix 3
arista 1
paloalto 1
gentoo 1
securityvulns 4
ubuntu 3
cisco 1
slackware 2
altlinux 10
mageia 2
amazon 2
oraclelinux 5
archlinux 1
centos 1
symantec 1
redhat 2
suse
suse
Security update for libressl (important)
2015-07-22 15:08:14
Security update for OpenSSL (important)
2015-07-03 16:06:39
Security update for OpenSSL (important)
2015-07-03 14:05:21
openvas
openvas
openSUSE: Security Advisory for libressl (openSUSE-SU-2015:1277-1)
2015-09-18 00:00:00
Fedora Update for openssl FEDORA-2015-10108
2015-06-25 00:00:00
Gentoo Security Advisory GLSA 201506-02
2015-09-29 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in OpenSSL including Logjam affect IBM Flex System Manager (FSM)
2018-06-18 01:30:12
Security Bulletin: Vulnerabilities in OpenSSL affect IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2015-0286 CVE-2015-0288 CVE-2015-0289 CVE-2015-0209 CVE-2015-0287)
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM® SDK for Node.js™ in IBM Bluemix
2018-08-09 04:20:36
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-10.fc21
2015-06-24 15:57:49
[SECURITY] Fedora 21 Update: openssl-1.0.1k-11.fc21
2015-07-13 19:12:30
[SECURITY] Fedora 22 Update: openssl-1.0.1k-10.fc22
2015-06-21 00:19:25
nessus
nessus
GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)
2015-06-23 00:00:00
FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)
2015-06-12 00:00:00
AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)
2015-07-20 00:00:00
freebsd
freebsd
openssl -- multiple vulnerabilities
2015-06-11 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:10.openssl
2015-06-12 00:00:00
osv
osv
openssl - security update
2015-06-13 00:00:00
openssl - security update
2015-06-17 00:00:00
openssl - security update
2015-03-19 00:00:00
fortinet
fortinet
OpenSSL vulnerabilities - June 2015
2015-06-11 00:00:00
debian
debian
[SECURITY] [DSA 3287-1] openssl security update
2015-06-13 14:32:55
[SECURITY] [DSA 3197-2] openssl regression update
2015-03-24 21:32:24
[SECURITY] [DSA 3197-2] openssl regression update
2015-03-24 21:32:24
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-07-15 00:20:05
Multiple Security vulnerabilities in AIX OpenSSL
2015-04-13 05:07:43
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
arista
arista
Security Advisory 0011
2015-06-17 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-10-18 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2015-06-22 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2015-06-13 00:00:00
[USN-2639-1] OpenSSL vulnerabilities
2015-06-13 00:00:00
[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities
2015-09-14 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-06-11 00:00:00
OpenSSL vulnerabilities
2015-01-12 00:00:00
OpenSSL vulnerabilities
2015-03-19 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
2015-06-12 16:00:00
slackware
slackware
[slackware-security] openssl
2015-04-22 01:22:19
[slackware-security] openssl
2015-06-11 23:01:09
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt2
2015-03-19 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt2
2015-03-19 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt2
2015-03-19 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-03-19 19:47:16
Updated openssl package fixes security vulnerabilities
2015-06-19 16:33:05
amazon
amazon
Medium: openssl
2015-03-23 13:42:00
Medium: openssl
2015-06-16 11:29:00
oraclelinux
oraclelinux
openssl security update
2015-06-30 00:00:00
openssl security update
2015-12-14 00:00:00
openssl security update
2015-06-15 00:00:00
archlinux
archlinux
openssl: multiple issues
2015-06-12 00:00:00
centos
centos
openssl security update
2015-01-20 21:00:39
symantec
symantec
SA98 : OpenSSL Security Advisory 11-June-2015
2015-06-17 08:00:00
redhat
redhat
(RHSA-2015:0752) Moderate: openssl security update
2015-03-30 00:00:00
(RHSA-2015:0066) Moderate: openssl security update
2015-01-20 00:00:00
JSON
Related for OPENSUSE-2015-507.NASL
suse5openvas30ibm60fedora6nessus44freebsd1freebsd_advisory1osv4fortinet1debian7aix3arista1paloalto1gentoo1securityvulns4ubuntu3cisco1slackware2altlinux10mageia2amazon2oraclelinux5archlinux1centos1symantec1redhat2