Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:0699
HistoryMay 29, 2012 - 12:00 a.m.

(RHSA-2012:0699) Moderate: openssl security and bug fix update

2012-05-2900:00:00
access.redhat.com
17

EPSS

0.047

Percentile

92.7%

JSON

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An integer underflow flaw, leading to a buffer over-read, was found in the
way OpenSSL handled DTLS (Datagram Transport Layer Security) application
data record lengths when using a block cipher in CBC (cipher-block
chaining) mode. A malicious DTLS client or server could use this flaw to
crash its DTLS connection peer. (CVE-2012-2333)

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Codenomicon as the original reporter.

On Red Hat Enterprise Linux 6, this update also fixes an uninitialized
variable use bug, introduced by the fix for CVE-2012-0884 (released via
RHSA-2012:0426). This bug could possibly cause an attempt to create an
encrypted message in the CMS (Cryptographic Message Syntax) format to fail.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

OSVersionArchitecturePackageVersionFilename
RedHat6i686openssl-perl< 1.0.0-20.el6_2.5openssl-perl-1.0.0-20.el6_2.5.i686.rpm
RedHat6x86_64openssl-perl< 1.0.0-20.el6_2.5openssl-perl-1.0.0-20.el6_2.5.x86_64.rpm
RedHat6i686openssl-debuginfo< 1.0.0-20.el6_2.5openssl-debuginfo-1.0.0-20.el6_2.5.i686.rpm
RedHat5s390openssl< 0.9.8e-22.el5_8.4openssl-0.9.8e-22.el5_8.4.s390.rpm
RedHat6i686openssl< 1.0.0-20.el6_2.5openssl-1.0.0-20.el6_2.5.i686.rpm
RedHat6ppcopenssl< 1.0.0-20.el6_2.5openssl-1.0.0-20.el6_2.5.ppc.rpm
RedHat5s390xopenssl-perl< 0.9.8e-22.el5_8.4openssl-perl-0.9.8e-22.el5_8.4.s390x.rpm
RedHat6x86_64openssl-debuginfo< 1.0.0-20.el6_2.5openssl-debuginfo-1.0.0-20.el6_2.5.x86_64.rpm
RedHat5ia64openssl-perl< 0.9.8e-22.el5_8.4openssl-perl-0.9.8e-22.el5_8.4.ia64.rpm
RedHat5i386openssl-perl< 0.9.8e-22.el5_8.4openssl-perl-0.9.8e-22.el5_8.4.i386.rpm
Rows per page:
1-10 of 561

Related

openvas 61
nessus 49
oraclelinux 2
centos 2
ubuntu 1
securityvulns 6
altlinux 10
fedora 11
openssl 2
prion 3
ibm 9
cve 3
cvelist 3
veracode 3
amazon 2
ubuntucve 2
freebsd 3
suse 3
f5 4
debiancve 2
nvd 3
debian 2
checkpoint_security 1
aix 1
redhat 6
gentoo 1
cert 1
freebsd_advisory 1
osv 2
openvas
openvas
CentOS Update for openssl CESA-2012:0699 centos6
2012-07-30 00:00:00
Oracle: Security Advisory (ELSA-2012-0699)
2015-10-06 00:00:00
CentOS Update for openssl CESA-2012:0699 centos6
2012-07-30 00:00:00
nessus
nessus
Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529)
2012-08-01 00:00:00
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1)
2012-05-29 00:00:00
CentOS 5 / 6 : openssl (CESA-2012:0699)
2012-05-30 00:00:00
oraclelinux
oraclelinux
openssl security and bug fix update
2012-05-29 00:00:00
openssl security and bug fix update
2012-03-27 00:00:00
centos
centos
openssl security update
2012-05-29 22:40:25
openssl security update
2012-03-28 00:47:32
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-05-24 00:00:00
securityvulns
securityvulns
OpenSSL DoS
2012-05-21 00:00:00
OpenSSL security vulnerabilities
2012-04-02 00:00:00
[ MDVSA-2012:038 ] openssl
2012-04-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0j-alt1
2012-05-12 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0j-alt1
2012-05-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0j-alt1
2012-05-12 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: openssl-1.0.0j-1.fc17
2012-05-29 10:32:44
[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16
2012-06-03 00:00:32
[SECURITY] Fedora 15 Update: openssl-1.0.0j-1.fc15
2012-06-03 00:02:27
openssl
openssl
Vulnerability in OpenSSL CVE-2012-2333
2012-05-10 00:00:00
Vulnerability in OpenSSL CVE-2012-0884
2012-03-12 00:00:00
prion
prion
Integer overflow
2012-05-14 22:55:00
Information disclosure
2012-03-13 03:12:00
Code injection
2012-08-08 10:26:00
ibm
ibm
Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)
2022-09-26 04:23:14
Security Bulletin: IBM TS3400 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)
2022-09-26 04:23:14
Security Bulletin: IBM TS2900 Tape Library update for security vulnerabilities in OpenSSL (CVE-2012-2333)
2022-09-26 04:23:14
cve
cve
CVE-2012-2333
2012-05-14 22:55:03
CVE-2012-0884
2012-03-13 03:12:26
CVE-2012-2191
2012-08-08 10:26:18
cvelist
cvelist
CVE-2012-2333
2012-05-14 22:00:00
CVE-2012-0884
2012-03-13 01:00:00
CVE-2012-2191
2012-08-08 10:00:00
veracode
veracode
Denial Of Service (DoS) Through Buffer Over-read
2017-02-09 00:16:21
Denial Of Service (DoS) Through Buffer Over-read
2019-01-15 08:51:36
Million Message Attack (MMA)
2017-02-09 01:46:40
amazon
amazon
Medium: openssl
2012-06-10 11:48:00
Medium: openssl
2012-04-05 12:49:00
ubuntucve
ubuntucve
CVE-2012-2333
2012-05-14 00:00:00
CVE-2012-0884
2012-03-12 00:00:00
freebsd
freebsd
OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
2012-05-10 00:00:00
OpenSSL -- CMS and S/MIME Bleichenbacher attack
2012-03-12 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
suse
suse
Security update for openssl (important)
2012-05-31 01:08:19
Security update for openssl (important)
2012-05-31 00:08:26
Security update for openssl (important)
2012-05-30 23:08:17
f5
f5
K15401 : OpenSSL vulnerability CVE-2012-2333
2014-07-10 00:00:00
SOL15401 - OpenSSL vulnerability CVE-2012-2333
2014-07-09 00:00:00
SOL13598 - OpenSSL vulnerability CVE-2012-0884
2012-05-22 00:00:00
debiancve
debiancve
CVE-2012-2333
2012-05-14 22:55:03
CVE-2012-0884
2012-03-13 03:12:26
nvd
nvd
CVE-2012-2333
2012-05-14 22:55:03
CVE-2012-0884
2012-03-13 03:12:26
CVE-2012-2191
2012-08-08 10:26:18
debian
debian
[SECURITY] [DSA 2475-1] openssl security update
2012-05-17 23:14:31
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
checkpoint_security
checkpoint_security
Check Point response to OpenSSL CVE-2012-0884
2012-06-07 21:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
redhat
redhat
(RHSA-2012:1306) Important: openssl security update
2012-09-24 15:52:11
(RHSA-2012:1307) Important: openssl security update
2012-09-24 15:53:22
(RHSA-2012:1308) Important: openssl security update
2012-09-24 15:54:31
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
osv
osv
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00

EPSS

0.047

Percentile

92.7%

JSON
Related for RHSA-2012:0699
openvas61nessus49oraclelinux2centos2ubuntu1securityvulns6altlinux10fedora11openssl2prion3ibm9cve3cvelist3veracode3amazon2ubuntucve2freebsd3suse3f54debiancve2nvd3debian2checkpoint_security1aix1redhat6gentoo1cert1freebsd_advisory1osv2