Lucene search
OracleLinuxELSA-2016-0302HistoryMar 01, 2016 - 12:00 a.m.
openssl security update
2016-03-0100:00:00
linux.oracle.com
29
0.95 High
EPSS
Percentile
99.1%
[0.9.8e-39.0.1]
- To disable SSLv2 client connections create the file
/etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893]
- fix CVE-2014-3570 - Bignum squaring may produce incorrect results
- fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
- fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
[0.9.8e-39] - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn
[0.9.8e-38] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method (can be reenabled
by setting environment variable OPENSSL_ENABLE_SSL2)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 5 | src | openssl | < 0.9.8e-39.0.1.el5_11 | openssl-0.9.8e-39.0.1.el5_11.src.rpm |
| oracle linux | 5 | i386 | openssl | < 0.9.8e-39.0.1.el5_11 | openssl-0.9.8e-39.0.1.el5_11.i386.rpm |
| oracle linux | 5 | i686 | openssl | < 0.9.8e-39.0.1.el5_11 | openssl-0.9.8e-39.0.1.el5_11.i686.rpm |
| oracle linux | 5 | i386 | openssl-devel | < 0.9.8e-39.0.1.el5_11 | openssl-devel-0.9.8e-39.0.1.el5_11.i386.rpm |
| oracle linux | 5 | i386 | openssl-perl | < 0.9.8e-39.0.1.el5_11 | openssl-perl-0.9.8e-39.0.1.el5_11.i386.rpm |
| oracle linux | 5 | src | openssl | < 0.9.8e-39.0.1.el5_11 | openssl-0.9.8e-39.0.1.el5_11.src.rpm |
| oracle linux | 5 | i686 | openssl | < 0.9.8e-39.0.1.el5_11 | openssl-0.9.8e-39.0.1.el5_11.i686.rpm |
| oracle linux | 5 | ia64 | openssl | < 0.9.8e-39.0.1.el5_11 | openssl-0.9.8e-39.0.1.el5_11.ia64.rpm |
| oracle linux | 5 | ia64 | openssl-devel | < 0.9.8e-39.0.1.el5_11 | openssl-devel-0.9.8e-39.0.1.el5_11.ia64.rpm |
| oracle linux | 5 | ia64 | openssl-perl | < 0.9.8e-39.0.1.el5_11 | openssl-perl-0.9.8e-39.0.1.el5_11.ia64.rpm |
Related
nessus
nessus
OracleVM 3.2 : openssl (OVMSA-2016-0071)
2016-06-22 00:00:00
Oracle Linux 5 : openssl (ELSA-2016-0302) (DROWN)
2016-03-02 00:00:00
RHEL 5 : openssl (RHSA-2016:0302) (DROWN)
2016-03-02 00:00:00
redhat
redhat
(RHSA-2016:0302) Important: openssl security update
2016-03-01 00:00:00
(RHSA-2016:0305) Important: openssl security update
2016-03-01 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2016-0302
2016-03-02 00:00:00
CentOS Update for openssl CESA-2016:0302 centos5
2016-03-02 00:00:00
RedHat Update for openssl RHSA-2016:0302-01
2016-03-02 00:00:00
centos
centos
openssl security update
2016-03-01 16:57:33
openssl security update
2016-03-01 16:09:29
openssl security update
2015-01-20 21:00:39
oraclelinux
oraclelinux
openssl security update
2015-12-14 00:00:00
openssl security update
2016-05-31 00:00:00
openssl security update
2015-02-26 00:00:00
debian
debian
[SECURITY] [DLA 132-1] openssl security update
2015-01-11 13:16:17
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect ProtecTIER
2022-02-16 22:09:18
osv
osv
openssl - security update
2015-01-11 00:00:00
openssl - security update
2015-01-11 00:00:00
seebug
seebug
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
2016-03-02 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-0800
2016-03-01 00:00:00
Vulnerability in OpenSSL CVE-2015-3197
2016-01-28 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-01-12 00:00:00
securityvulns
securityvulns
[USN-2459-1] OpenSSL vulnerabilities
2015-01-13 00:00:00
OpenSSL multiple security vulnerabilities
2015-01-13 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21
2015-01-13 00:02:20
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1
2015-01-12 00:00:00
suse
suse
Security update for openssl (important)
2015-01-23 20:05:13
Security update for openssl (important)
2016-03-11 14:14:22
Security update for openssl (important)
2016-03-03 15:11:31
archlinux
archlinux
openssl: multiple issues
2015-01-09 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
FreeBSD-SA-16:11.openssl
2016-01-30 00:00:00
kaspersky
kaspersky
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
slackware
slackware
[slackware-security] openssl
2015-01-09 18:34:39
[slackware-security] openssl
2016-02-04 00:06:23
amazon
amazon
Important: openssl
2016-03-10 16:30:00
Medium: openssl
2015-01-11 12:36:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Ephemeral ECDH Cipher Suite Handshake Downgrade (CVE-2014-3572)
2015-01-07 00:00:00
prion
prion
Code injection
2015-01-09 02:59:00
Design/Logic Flaw
2016-02-15 02:59:00
Design/Logic Flaw
2015-01-09 02:59:00
f5
f5
K16126 : OpenSSL vulnerability CVE-2014-3572
2015-09-16 00:00:00
SOL33209124 - OpenSSL vulnerability CVE-2015-3197
2016-01-28 00:00:00
K33209124 : OpenSSL vulnerability CVE-2015-3197
2016-01-29 00:00:00
hackerone
hackerone
Internet Bug Bounty: SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
2016-09-07 17:41:26
debiancve
debiancve
veracode
veracode
Cipher Bypass
2017-02-10 00:52:27
Weak Cryptographic Protection Mechanisms
2017-02-06 07:21:23
Weak Cryptographic Protection Mechanisms
2019-01-15 09:04:11
cve
cve
CVE-2014-3572
2015-01-09 02:59:00
CVE-2014-3571
2015-01-09 02:59:00