{"id": "SECURITYVULNS:VULN:12150", "bulletinFamily": "software", "title": "OpenSSL library multiple security vulnerabilities", "description": "Double free(), protection bypass, information leakages, DoS conditions.", "published": "2012-01-20T00:00:00", "modified": "2012-01-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12150", "reporter": "BUGTRAQ", "references": [], "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:45", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "26d47062c78fd6487f5649e7196654f8"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "5113388b0e8f7b50424d42e952f4811a"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "4a00d3ce9679e2185fde97124542b675"}, {"key": "href", "hash": "42f73c2197edd1e2d01a1db500792205"}, {"key": "modified", "hash": "14a44e8528097a5650c56a0cbe237688"}, {"key": "published", "hash": "14a44e8528097a5650c56a0cbe237688"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "c008e55666c0102b5769fcf8e8eeba66"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "5cff015d9b5f5a662806fc0487767fdc3572bf52f32e66188623de3e6a6d0415", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:09:45"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": [{"name": "OpenSSL", "operator": "eq", "version": "1.0"}]}

{"openssl": [{"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications are affected. Reported by Antonio Martin.", "reporter": "OpenSSL", "published": "2012-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2011-4108, CVE-2012-0050)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "0.9.8s", "operator": "eq"}, {"name": "openssl", "version": "1.0.0f", "operator": "eq"}], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4108,CVE-2012-0050", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-03-16T06:10:11", "references": [], "description": "A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications are affected. Reported by Antonio Martin.", "edition": 1, "reporter": "OpenSSL", "published": "2012-01-04T00:00:00", "title": "Vulnerability in OpenSSL (CVE-2012-0050, CVE-2011-4108)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "bulletinFamily": "software", "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2012-0050,CVE-2011-4108", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack. Reported by George Kadianakis.", "reporter": "OpenSSL", "published": "2012-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2011-4619)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "1.0.0d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8p", "operator": "eq"}, {"name": "openssl", "version": "1.0.0b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8q", "operator": "eq"}, {"name": "openssl", "version": "0.9.8e", "operator": "eq"}, {"name": "openssl", "version": "1.0.0", "operator": "eq"}, {"name": "openssl", "version": "1.0.0e", "operator": "eq"}, {"name": "openssl", "version": "1.0.0a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8o", "operator": "eq"}, {"name": "openssl", "version": "0.9.8j", "operator": "eq"}, {"name": "openssl", "version": "0.9.8l", "operator": "eq"}, {"name": "openssl", "version": "0.9.8n", "operator": "eq"}, {"name": "openssl", "version": "0.9.8d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8g", "operator": "eq"}, {"name": "openssl", "version": "0.9.8m", "operator": "eq"}, {"name": "openssl", "version": "0.9.8b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8f", "operator": "eq"}, {"name": "openssl", "version": "0.9.8", "operator": "eq"}, {"name": "openssl", "version": "0.9.8r", "operator": "eq"}, {"name": "openssl", "version": "1.0.0c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8h", "operator": "eq"}, {"name": "openssl", "version": "0.9.8k", "operator": "eq"}], "cvelist": ["CVE-2011-4619"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4619", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "OpenSSL was susceptable an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Reported by Nadhem Alfardan and Kenny Paterson.", "reporter": "OpenSSL", "published": "2012-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2011-4108)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "1.0.0d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8p", "operator": "eq"}, {"name": "openssl", "version": "1.0.0b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8q", "operator": "eq"}, {"name": "openssl", "version": "0.9.8e", "operator": "eq"}, {"name": "openssl", "version": "1.0.0", "operator": "eq"}, {"name": "openssl", "version": "1.0.0e", "operator": "eq"}, {"name": "openssl", "version": "1.0.0a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8o", "operator": "eq"}, {"name": "openssl", "version": "0.9.8j", "operator": "eq"}, {"name": "openssl", "version": "0.9.8l", "operator": "eq"}, {"name": "openssl", "version": "0.9.8n", "operator": "eq"}, {"name": "openssl", "version": "0.9.8d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8g", "operator": "eq"}, {"name": "openssl", "version": "0.9.8m", "operator": "eq"}, {"name": "openssl", "version": "0.9.8b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8f", "operator": "eq"}, {"name": "openssl", "version": "0.9.8", "operator": "eq"}, {"name": "openssl", "version": "0.9.8r", "operator": "eq"}, {"name": "openssl", "version": "1.0.0c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8h", "operator": "eq"}, {"name": "openssl", "version": "0.9.8k", "operator": "eq"}], "cvelist": ["CVE-2011-4108"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4108", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "OpenSSL failed to clear the bytes used as block cipher padding in SSL 3.0 records which could leak the contents of memory in some circumstances. Reported by Adam Langley.", "reporter": "OpenSSL", "published": "2012-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2011-4576)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "1.0.0d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8p", "operator": "eq"}, {"name": "openssl", "version": "1.0.0b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8q", "operator": "eq"}, {"name": "openssl", "version": "0.9.8e", "operator": "eq"}, {"name": "openssl", "version": "1.0.0", "operator": "eq"}, {"name": "openssl", "version": "1.0.0e", "operator": "eq"}, {"name": "openssl", "version": "1.0.0a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8o", "operator": "eq"}, {"name": "openssl", "version": "0.9.8j", "operator": "eq"}, {"name": "openssl", "version": "0.9.8l", "operator": "eq"}, {"name": "openssl", "version": "0.9.8n", "operator": "eq"}, {"name": "openssl", "version": "0.9.8d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8g", "operator": "eq"}, {"name": "openssl", "version": "0.9.8m", "operator": "eq"}, {"name": "openssl", "version": "0.9.8b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8f", "operator": "eq"}, {"name": "openssl", "version": "0.9.8", "operator": "eq"}, {"name": "openssl", "version": "0.9.8r", "operator": "eq"}, {"name": "openssl", "version": "1.0.0c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8h", "operator": "eq"}, {"name": "openssl", "version": "0.9.8k", "operator": "eq"}], "cvelist": ["CVE-2011-4576"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4576", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected Reported by Ben Laurie.", "reporter": "OpenSSL", "published": "2012-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2011-4109)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "0.9.8p", "operator": "eq"}, {"name": "openssl", "version": "0.9.8q", "operator": "eq"}, {"name": "openssl", "version": "0.9.8e", "operator": "eq"}, {"name": "openssl", "version": "0.9.8c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8o", "operator": "eq"}, {"name": "openssl", "version": "0.9.8j", "operator": "eq"}, {"name": "openssl", "version": "0.9.8l", "operator": "eq"}, {"name": "openssl", "version": "0.9.8n", "operator": "eq"}, {"name": "openssl", "version": "0.9.8d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8g", "operator": "eq"}, {"name": "openssl", "version": "0.9.8m", "operator": "eq"}, {"name": "openssl", "version": "0.9.8b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8f", "operator": "eq"}, {"name": "openssl", "version": "0.9.8", "operator": "eq"}, {"name": "openssl", "version": "0.9.8r", "operator": "eq"}, {"name": "openssl", "version": "0.9.8a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8h", "operator": "eq"}, {"name": "openssl", "version": "0.9.8k", "operator": "eq"}], "cvelist": ["CVE-2011-4109"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4109", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:35", "references": [], "edition": 1, "description": "A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug. Reported by Andrey Kulikov.", "reporter": "OpenSSL", "published": "2012-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2012-0027)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "1.0.0d", "operator": "eq"}, {"name": "openssl", "version": "1.0.0b", "operator": "eq"}, {"name": "openssl", "version": "1.0.0", "operator": "eq"}, {"name": "openssl", "version": "1.0.0e", "operator": "eq"}, {"name": "openssl", "version": "1.0.0a", "operator": "eq"}, {"name": "openssl", "version": "1.0.0c", "operator": "eq"}], "cvelist": ["CVE-2012-0027"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2012-0027", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:39:35", "references": ["https://security-tracker.debian.org/tracker/CVE-2011-4109", "https://security-tracker.debian.org/tracker/CVE-2011-4354", "https://security-tracker.debian.org/tracker/CVE-2011-4576", "https://security-tracker.debian.org/tracker/CVE-2011-4108", "https://security-tracker.debian.org/tracker/CVE-2011-4619", "https://packages.debian.org/source/squeeze/openssl", "http://www.debian.org/security/2012/dsa-2390"], "pluginID": "57543", "description": "Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.\n\n - CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.\n\n - CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server.\n (Regular RSA-based keys are not affected by this vulnerability.)\n\n - CVE-2011-4576 The SSL 3.0 implementation does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n\n - CVE-2011-4619 The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks.", "edition": 5, "reporter": "Tenable", "published": "2012-01-16T00:00:00", "title": "Debian DSA-2390-1 : openssl - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2011-4109"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DSA-2390.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57543", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2390. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57543);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(50882, 51281);\n script_xref(name:\"DSA\", value:\"2390\");\n\n script_name(english:\"Debian DSA-2390-1 : openssl - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and Exposures\nproject identifies the following vulnerabilities :\n\n - CVE-2011-4108\n The DTLS implementation performs a MAC check only if\n certain padding is valid, which makes it easier for\n remote attackers to recover plaintext via a padding\n oracle attack.\n\n - CVE-2011-4109\n A double free vulnerability when\n X509_V_FLAG_POLICY_CHECK is enabled, allows remote\n attackers to cause applications crashes and potentially\n allow execution of arbitrary code by triggering failure\n of a policy check.\n\n - CVE-2011-4354\n On 32-bit systems, the operations on NIST elliptic\n curves P-256 and P-384 are not correctly implemented,\n potentially leaking the private ECC key of a TLS server.\n (Regular RSA-based keys are not affected by this\n vulnerability.)\n\n - CVE-2011-4576\n The SSL 3.0 implementation does not properly initialize\n data structures for block cipher padding, which might\n allow remote attackers to obtain sensitive information\n by decrypting the padding data sent by an SSL peer.\n\n - CVE-2011-4619\n The Server Gated Cryptography (SGC) implementation in\n OpenSSL does not properly handle handshake restarts,\n unnecessarily simplifying CPU exhaustion attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2012/dsa-2390\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"openssl\", reference:\"0.9.8g-15+lenny15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:31", "references": ["https://www.openssl.org/news/secadv/20120104.txt"], "pluginID": "61942", "description": "Multiple vulnerabilities has been found and corrected in openssl :\n\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack (CVE-2011-4108).\n\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check (CVE-2011-4109).\n\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer (CVE-2011-4576).\n\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors (CVE-2011-4619).\n\nThe GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client (CVE-2012-0027).\n\nThe updated packages have been patched to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2012:007)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:openssl", "p-cpe:/a:mandriva:linux:libopenssl-static-devel", "p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0", "p-cpe:/a:mandriva:linux:libopenssl1.0.0", "p-cpe:/a:mandriva:linux:libopenssl-devel", "p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl-devel", "p-cpe:/a:mandriva:linux:lib64openssl-static-devel"], "id": "MANDRIVA_MDVSA-2012-007.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61942", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:007. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61942);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_bugtraq_id(51281);\n script_xref(name:\"MDVSA\", value:\"2012:007\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2012:007)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in openssl :\n\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\nperforms a MAC check only if certain padding is valid, which makes it\neasier for remote attackers to recover plaintext via a padding oracle\nattack (CVE-2011-4108).\n\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\nX509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have\nan unspecified impact by triggering failure of a policy check\n(CVE-2011-4109).\n\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n1.0.0f does not properly initialize data structures for block cipher\npadding, which might allow remote attackers to obtain sensitive\ninformation by decrypting the padding data sent by an SSL peer\n(CVE-2011-4576).\n\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before\n0.9.8s and 1.x before 1.0.0f does not properly handle handshake\nrestarts, which allows remote attackers to cause a denial of service\nvia unspecified vectors (CVE-2011-4619).\n\nThe GOST ENGINE in OpenSSL before 1.0.0f does not properly handle\ninvalid parameters for the GOST block cipher, which allows remote\nattackers to cause a denial of service (daemon crash) via crafted data\nfrom a TLS client (CVE-2012-0027).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20120104.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl-static-devel-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenssl1.0.0-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openssl-1.0.0d-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:28", "references": ["http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp"], "pluginID": "73561", "description": "The version of OpenSSL running on the remote host is affected by the following vulnerabilities :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. (CVE-2011-4619)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)", "edition": 10, "reporter": "Tenable", "published": "2014-04-16T00:00:00", "title": "AIX OpenSSL Advisory : openssl_advisory3.asc", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "AIX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2018-07-17T00:00:00", "cpe": ["cpe:/o:ibm:aix"], "id": "AIX_OPENSSL_ADVISORY3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssl_advisory3.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73561);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/17 12:00:06\");\n\n script_cve_id(\n \"CVE-2011-4108\",\n \"CVE-2011-4109\",\n \"CVE-2011-4576\",\n \"CVE-2011-4619\",\n \"CVE-2012-0050\"\n );\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"CERT\", value:\"737740\");\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory3.asc\");\n script_summary(english:\"Checks the version of the openssl packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote AIX host is running a vulnerable version of OpenSSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL running on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x\n before 1.0.0f performs a MAC check only if certain\n padding is valid, which makes it easier for remote\n attackers to recover plaintext via a padding oracle\n attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before\n 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows\n remote attackers to have an unspecified impact by\n triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and\n 1.x before 1.0.0f does not properly initialize data\n structures for block cipher padding, which might allow\n remote attackers to obtain sensitive information by\n decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - The Server Gated Cryptography (SGC) implementation in\n OpenSSL before 0.9.8s and 1.x before 1.0.0f does not\n properly handle handshake restarts, which allows remote\n attackers to cause a denial of service via unspecified\n vectors. (CVE-2011-4619)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS\n applications, which allows remote attackers to cause a\n denial of service via unspecified vectors. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available, and it can be downloaded from the AIX website.\n\nTo extract the fixes from the tar file :\n\n zcat openssl.0.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl-fips.12.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl.0.9.8.809.tar.Z | tar xvf -\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of\nthe system be created. Verify it is both bootable and readable\nbefore proceeding.\n\nTo preview the fix installation :\n\n installp -apYd . openssl\n\nTo install the fix package :\n\n installp -aXYd . openssl\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.2\" && oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.2 / 5.3 / 6.1 / 7.1\", oslevel);\n}\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif (aix_check_package(release:\"5.2\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.808\", fixpackagever:\"0.9.8.809\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base / openssl-fips.base\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:32", "references": ["http://openssl.org/news/secadv/20120104.txt", "http://www.nessus.org/u?997521b7"], "pluginID": "57551", "description": "The OpenSSL Team reports :\n\n6 security flaws have been fixed in OpenSSL 1.0.0f :\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free.\n\nOpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.\n\nRFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.\n\nSupport for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.\n\nA malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking.\nThis could be used in a denial-of-service attack.", "edition": 4, "reporter": "Tenable", "published": "2012-01-16T00:00:00", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2015-09-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openssl"], "id": "FREEBSD_PKG_78CC8A463E5611E189B4001EC9578670.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57551", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57551);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/09/02 14:18:43 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_bugtraq_id(51281);\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL Team reports :\n\n6 security flaws have been fixed in OpenSSL 1.0.0f :\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free.\n\nOpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as\nblock cipher padding in SSL 3.0 records. As a result, in each record,\nup to 15 bytes of uninitialized memory may be sent, encrypted, to the\nSSL peer. This could include sensitive contents of previously freed\nmemory.\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack.\n\nSupport for handshake restarts for server gated cryptograpy (SGC) can\nbe used in a denial-of-service attack.\n\nA malicious TLS client can send an invalid set of GOST parameters\nwhich will cause the server to crash due to lack of error checking.\nThis could be used in a denial-of-service attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://openssl.org/news/secadv/20120104.txt\"\n );\n # http://www.freebsd.org/ports/portaudit/78cc8a46-3e56-11e1-89b4-001ec9578670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?997521b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.0_8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:55:19", "references": ["http://www.nessus.org/u?b5f8def1", "http://www.nessus.org/u?2ecae356", "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0050_denial_of"], "pluginID": "80715", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. (CVE-2011-4577)\n\n - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. (CVE-2011-4619)\n\n - The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. (CVE-2012-0027)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)", "edition": 4, "reporter": "Tenable", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:openssl", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_OPENSSL_20120404.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80715", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80715);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:17:51 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x\n before 1.0.0f performs a MAC check only if certain\n padding is valid, which makes it easier for remote\n attackers to recover plaintext via a padding oracle\n attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before\n 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows\n remote attackers to have an unspecified impact by\n triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and\n 1.x before 1.0.0f does not properly initialize data\n structures for block cipher padding, which might allow\n remote attackers to obtain sensitive information by\n decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC\n 3779 support is enabled, allows remote attackers to\n cause a denial of service (assertion failure) via an\n X.509 certificate containing certificate-extension data\n associated with (1) IP address blocks or (2) Autonomous\n System (AS) identifiers. (CVE-2011-4577)\n\n - The Server Gated Cryptography (SGC) implementation in\n OpenSSL before 0.9.8s and 1.x before 1.0.0f does not\n properly handle handshake restarts, which allows remote\n attackers to cause a denial of service (CPU consumption)\n via unspecified vectors. (CVE-2011-4619)\n\n - The GOST ENGINE in OpenSSL before 1.0.0f does not\n properly handle invalid parameters for the GOST block\n cipher, which allows remote attackers to cause a denial\n of service (daemon crash) via crafted data from a TLS\n client. (CVE-2012-0027)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS\n applications, which allows remote attackers to cause a\n denial of service (crash) via unspecified vectors\n related to an out-of-bounds read. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\"\n );\n # http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f8def1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/entry/cve_2012_0050_denial_of\"\n );\n # https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ecae356\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 4a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:openssl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^openssl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.4.0.6.0\", sru:\"SRU 4a\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : openssl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"openssl\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:38", "references": ["https://security.gentoo.org/glsa/201203-12"], "pluginID": "58222", "description": "The remote host is affected by the vulnerability described in GLSA-201203-12 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL:\n Timing differences for decryption are exposed by CBC mode encryption in OpenSSL&rsquo;s implementation of DTLS (CVE-2011-4108).\n A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).\n Clients and servers using SSL 3.0 handshakes do not clear the block cipher padding, allowing a record to contain up to 15 bytes of uninitialized memory, which could include sensitive information (CVE-2011-4576).\n Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577).\n A resource management error can occur when OpenSSL&rsquo;s server gated cryptography (SGC) does not properly handle handshake restarts (CVE-2011-4619).\n Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027).\n An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).\n Impact :\n\n A remote attacker may be able to cause a Denial of Service or obtain sensitive information, including plaintext passwords.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2012-03-06T00:00:00", "title": "GLSA-201203-12 : OpenSSL: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2018-07-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201203-12.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58222", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58222);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"GLSA\", value:\"201203-12\");\n\n script_name(english:\"GLSA-201203-12 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-12\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL:\n Timing differences for decryption are exposed by CBC mode encryption\n in OpenSSL&rsquo;s implementation of DTLS (CVE-2011-4108).\n A policy check failure can result in a double-free error when\n X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).\n Clients and servers using SSL 3.0 handshakes do not clear the block\n cipher padding, allowing a record to contain up to 15 bytes of\n uninitialized memory, which could include sensitive information\n (CVE-2011-4576).\n Assertion errors can occur during the handling of malformed X.509\n certificates when OpenSSL is built with RFC 3779 support\n (CVE-2011-4577).\n A resource management error can occur when OpenSSL&rsquo;s server gated\n cryptography (SGC) does not properly handle handshake restarts\n (CVE-2011-4619).\n Invalid parameters in the GOST block cipher are not properly handled\n by the GOST ENGINE(CVE-2012-0027).\n An incorrect fix for CVE-2011-4108 creates an unspecified\n vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).\n \nImpact :\n\n A remote attacker may be able to cause a Denial of Service or obtain\n sensitive information, including plaintext passwords.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0g'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.0g\", \"rge 0.9.8t\", \"rge 0.9.8u\", \"rge 0.9.8v\", \"rge 0.9.8w\", \"rge 0.9.8x\", \"rge 0.9.8y\", \"rge 0.9.8z_p1\", \"rge 0.9.8z_p2\", \"rge 0.9.8z_p3\", \"rge 0.9.8z_p4\", \"rge 0.9.8z_p5\", \"rge 0.9.8z_p6\", \"rge 0.9.8z_p7\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.0g\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:52", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=739719", "http://lists.opensuse.org/opensuse-updates/2012-01/msg00029.html"], "pluginID": "75598", "description": "Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) \n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2018-07-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl-devel", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:libopenssl1_0_0"], "id": "SUSE_11_3_LIBOPENSSL-DEVEL-120111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-5634.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75598);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5634 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577) \n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-01/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl-devel-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl1_0_0-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openssl-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0-6.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:45:08", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-January/002567.html"], "pluginID": "68438", "description": "From Red Hat Security Advisory 2012:0060 :\n\nUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : openssl (ELSA-2012-0060)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4109"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2012-0060.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0060 and \n# Oracle Linux Security Advisory ELSA-2012-0060 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68438);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"RHSA\", value:\"2012:0060\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2012-0060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0060 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in\nOpenSSL. A remote attacker could use this flaw to crash an application\nthat uses OpenSSL by providing an X.509 certificate that has specially\ncrafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002567.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-20.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:33:38", "references": ["http://www.nessus.org/u?6f2059af"], "pluginID": "61224", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4109"], "modified": "2014-08-16T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120124_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61224", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61224);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in\nOpenSSL. A remote attacker could use this flaw to crash an application\nthat uses OpenSSL by providing an X.509 certificate that has specially\ncrafted policy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=1447\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f2059af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-20.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-20.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:11", "references": ["http://support.novell.com/security/cve/CVE-2011-4109.html", "http://support.novell.com/security/cve/CVE-2011-4108.html", "http://support.novell.com/security/cve/CVE-2011-4576.html", "http://support.novell.com/security/cve/CVE-2011-4619.html", "http://support.novell.com/security/cve/CVE-2011-4577.html"], "pluginID": "57570", "description": "Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)", "edition": 4, "reporter": "Tenable", "published": "2012-01-17T00:00:00", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2011-4109"], "modified": "2012-06-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-7923.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57570", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57570);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2012/06/14 20:11:56 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4576.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7923.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-devel-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-devel-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-doc-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.56.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:55", "references": [], "pluginID": "70708", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.", "edition": 2, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 2390-1 (openssl)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2011-4109"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70708", "id": "OPENVAS:70708", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2390_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2390-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\nThe DTLS implementation performs a MAC check only if certain\npadding is valid, which makes it easier for remote attackers\nto recover plaintext via a padding oracle attack.\n\nCVE-2011-4109\nA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\nenabled, allows remote attackers to cause applications crashes\nand potentially allow execution of arbitrary code by\ntriggering failure of a policy check.\n\nCVE-2011-4354\nOn 32-bit systems, the operations on NIST elliptic curves\nP-256 and P-384 are not correctly implemented, potentially\nleaking the private ECC key of a TLS server. (Regular\nRSA-based keys are not affected by this vulnerability.)\n\nCVE-2011-4576\nThe SSL 3.0 implementation does not properly initialize data\nstructures for block cipher padding, which might allow remote\nattackers to obtain sensitive information by decrypting the\npadding data sent by an SSL peer.\n\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL\ndoes not properly handle handshake restarts, unnecessarily\nsimplifying CPU exhaustion attacks.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202390-1\";\n\nif(description)\n{\n script_id(70708);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:28:14 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2390-1 (openssl)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-15+lenny13\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:47", "references": [], "pluginID": "136141256231070708", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-02-11T00:00:00", "title": "Debian Security Advisory DSA 2390-1 (openssl)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2011-4109"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231070708", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070708", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2390_1.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from advisory DSA 2390-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\nThe DTLS implementation performs a MAC check only if certain\npadding is valid, which makes it easier for remote attackers\nto recover plaintext via a padding oracle attack.\n\nCVE-2011-4109\nA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\nenabled, allows remote attackers to cause applications crashes\nand potentially allow execution of arbitrary code by\ntriggering failure of a policy check.\n\nCVE-2011-4354\nOn 32-bit systems, the operations on NIST elliptic curves\nP-256 and P-384 are not correctly implemented, potentially\nleaking the private ECC key of a TLS server. (Regular\nRSA-based keys are not affected by this vulnerability.)\n\nCVE-2011-4576\nThe SSL 3.0 implementation does not properly initialize data\nstructures for block cipher padding, which might allow remote\nattackers to obtain sensitive information by decrypting the\npadding data sent by an SSL peer.\n\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL\ndoes not properly handle handshake restarts, unnecessarily\nsimplifying CPU exhaustion attacks.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202390-1\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70708\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:28:14 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2390-1 (openssl)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-15+lenny13\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:29", "references": ["2012:007", "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:007"], "pluginID": "1361412562310831679", "description": "Check for the Version of openssl", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "title": "Mandriva Update for openssl MDVSA-2012:007 (openssl)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310831679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2012:007 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in openssl:\n\n The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\n performs a MAC check only if certain padding is valid, which makes\n it easier for remote attackers to recover plaintext via a padding\n oracle attack (CVE-2011-4108).\n\n Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\n X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to\n have an unspecified impact by triggering failure of a policy check\n (CVE-2011-4109).\n\n The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n 1.0.0f does not properly initialize data structures for block cipher\n padding, which might allow remote attackers to obtain sensitive\n information by decrypting the padding data sent by an SSL peer\n (CVE-2011-4576).\n\n The Server Gated Cryptography (SGC) implementation in OpenSSL before\n 0.9.8s and 1.x before 1.0.0f does not properly handle handshake\n restarts, which allows remote attackers to cause a denial of service\n via unspecified vectors (CVE-2011-4619).\n\n The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle\n invalid parameters for the GOST block cipher, which allows remote\n attackers to cause a denial of service (daemon crash) via crafted\n data from a TLS client (CVE-2012-0027).\n\n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"openssl on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:007\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831679\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:01:30 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\",\n \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:007\");\n script_name(\"Mandriva Update for openssl MDVSA-2012:007 (openssl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-static-devel\", rpm:\"libopenssl-static-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-devel\", rpm:\"lib64openssl-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-static-devel\", rpm:\"lib64openssl-static-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:33", "references": ["2012:007", "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:007"], "pluginID": "831679", "description": "Check for the Version of openssl", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "title": "Mandriva Update for openssl MDVSA-2012:007 (openssl)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2018-01-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831679", "id": "OPENVAS:831679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2012:007 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in openssl:\n\n The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\n performs a MAC check only if certain padding is valid, which makes\n it easier for remote attackers to recover plaintext via a padding\n oracle attack (CVE-2011-4108).\n\n Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\n X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to\n have an unspecified impact by triggering failure of a policy check\n (CVE-2011-4109).\n\n The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n 1.0.0f does not properly initialize data structures for block cipher\n padding, which might allow remote attackers to obtain sensitive\n information by decrypting the padding data sent by an SSL peer\n (CVE-2011-4576).\n\n The Server Gated Cryptography (SGC) implementation in OpenSSL before\n 0.9.8s and 1.x before 1.0.0f does not properly handle handshake\n restarts, which allows remote attackers to cause a denial of service\n via unspecified vectors (CVE-2011-4619).\n\n The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle\n invalid parameters for the GOST block cipher, which allows remote\n attackers to cause a denial of service (daemon crash) via crafted\n data from a TLS client (CVE-2012-0027).\n\n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"openssl on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:007\");\n script_id(831679);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:01:30 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\",\n \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:007\");\n script_name(\"Mandriva Update for openssl MDVSA-2012:007 (openssl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-static-devel\", rpm:\"libopenssl-static-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-devel\", rpm:\"lib64openssl-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-static-devel\", rpm:\"lib64openssl-static-devel~1.0.0d~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:51", "references": ["http://linux.oracle.com/errata/ELSA-2012-0060.html"], "pluginID": "1361412562310122003", "description": "Oracle Linux Local Security Checks ELSA-2012-0060", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2012-0060", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310122003", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122003", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2012-0060.nasl 6557 2017-07-06 11:55:33Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.122003\");\nscript_version(\"$Revision: 6557 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:11:33 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:55:33 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2012-0060\");\nscript_tag(name: \"insight\", value: \"ELSA-2012-0060 - openssl security update - [0.9.8e-20.1]- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)- fix for CVE-2011-4109 - double free in policy checks (#771771)- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2012-0060\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2012-0060.html\");\nscript_cve_id(\"CVE-2011-4108\",\"CVE-2011-4109\",\"CVE-2011-4576\",\"CVE-2011-4619\");\nscript_tag(name:\"cvss_base\", value:\"9.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~20.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~20.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~20.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:34", "references": [], "pluginID": "136141256231070756", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-02-12T00:00:00", "title": "FreeBSD Ports: openssl", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231070756", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070756", "sourceData": "#\n#VID 78cc8a46-3e56-11e1-89b4-001ec9578670\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 78cc8a46-3e56-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\n\nCVE-2011-4108\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\nperforms a MAC check only if certain padding is valid, which makes it\neasier for remote attackers to recover plaintext via a padding oracle\nattack.\n\nCVE-2011-4109\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\nX509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have\nan unspecified impact by triggering failure of a policy check.\n\nCVE-2011-4576\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n1.0.0f does not properly initialize data structures for block cipher\npadding, which might allow remote attackers to obtain sensitive\ninformation by decrypting the padding data sent by an SSL peer.\n\nCVE-2011-4577\nOpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is\nenabled, allows remote attackers to cause a denial of service\n(assertion failure) via an X.509 certificate containing\ncertificate-extension data associated with (1) IP address blocks or\n(2) Autonomous System (AS) identifiers.\n\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before\n0.9.8s and 1.x before 1.0.0f does not properly handle handshake\nrestarts, which allows remote attackers to cause a denial of service\nvia unspecified vectors.\n\nCVE-2012-0027\nThe GOST ENGINE in OpenSSL before 1.0.0f does not properly handle\ninvalid parameters for the GOST block cipher, which allows remote\nattackers to cause a denial of service (daemon crash) via crafted data\nfrom a TLS client.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://openssl.org/news/secadv_20120104.txt\nhttp://www.vuxml.org/freebsd/78cc8a46-3e56-11e1-89b4-001ec9578670.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70756\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0_8\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:42", "references": [], "pluginID": "70756", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-02-12T00:00:00", "title": "FreeBSD Ports: openssl", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2017-04-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70756", "id": "OPENVAS:70756", "sourceData": "#\n#VID 78cc8a46-3e56-11e1-89b4-001ec9578670\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 78cc8a46-3e56-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\n\nCVE-2011-4108\nThe DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\nperforms a MAC check only if certain padding is valid, which makes it\neasier for remote attackers to recover plaintext via a padding oracle\nattack.\n\nCVE-2011-4109\nDouble free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when\nX509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have\nan unspecified impact by triggering failure of a policy check.\n\nCVE-2011-4576\nThe SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before\n1.0.0f does not properly initialize data structures for block cipher\npadding, which might allow remote attackers to obtain sensitive\ninformation by decrypting the padding data sent by an SSL peer.\n\nCVE-2011-4577\nOpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is\nenabled, allows remote attackers to cause a denial of service\n(assertion failure) via an X.509 certificate containing\ncertificate-extension data associated with (1) IP address blocks or\n(2) Autonomous System (AS) identifiers.\n\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL before\n0.9.8s and 1.x before 1.0.0f does not properly handle handshake\nrestarts, which allows remote attackers to cause a denial of service\nvia unspecified vectors.\n\nCVE-2012-0027\nThe GOST ENGINE in OpenSSL before 1.0.0f does not properly handle\ninvalid parameters for the GOST block cipher, which allows remote\nattackers to cause a denial of service (daemon crash) via crafted data\nfrom a TLS client.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://openssl.org/news/secadv_20120104.txt\nhttp://www.vuxml.org/freebsd/78cc8a46-3e56-11e1-89b4-001ec9578670.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70756);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_version(\"$Revision: 5940 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0_8\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-04T13:36:40", "references": ["http://www.openssl.org", "http://www.openssl.org/news/secadv_20120104.txt", "http://www.securityfocus.com/bid/51281"], "pluginID": "1361412562310103394", "description": "OpenSSL prone to multiple security vulnerabilities.\n\nAn attacker may leverage these issues to obtain sensitive information,\ncause a denial-of-service condition and perform unauthorized actions.", "edition": 5, "reporter": "This script is Copyright (C) 2012 Greenbone Networks GmbH", "published": "2012-01-20T00:00:00", "title": "OpenSSL Multiple Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2018-08-30T00:00:00", "id": "OPENVAS:1361412562310103394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103394", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_51281.nasl 11167 2018-08-30 12:04:11Z asteins $\n#\n# OpenSSL Multiple Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103394\");\n script_bugtraq_id(51281);\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_version(\"$Revision: 11167 $\");\n\n script_name(\"OpenSSL Multiple Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/51281\");\n script_xref(name:\"URL\", value:\"http://www.openssl.org\");\n script_xref(name:\"URL\", value:\"http://www.openssl.org/news/secadv_20120104.txt\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-30 14:04:11 +0200 (Thu, 30 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-20 11:28:16 +0100 (Fri, 20 Jan 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_openssl_detect.nasl\");\n script_mandatory_keys(\"OpenSSL/installed\");\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n script_tag(name:\"summary\", value:\"OpenSSL prone to multiple security vulnerabilities.\n\nAn attacker may leverage these issues to obtain sensitive information,\ncause a denial-of-service condition and perform unauthorized actions.\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! vers = get_app_version( cpe:CPE ) ) exit(0);\nvers = ereg_replace(string:vers, pattern:\"([a-z]$)\", replace:\".\\1\");\n\nif(vers =~ \"1\\.0\\.\") {\n if(version_is_less(version:vers, test_version:\"1.0.0.f\")) {\n report = 'Installed version: ' + vers + '\\n' +\n 'Fixed version: 1.0.0.f';\n\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nif(vers =~ \"0\\.9\\.\") {\n if(version_is_less(version:vers, test_version:\"0.9.8.s\")) {\n report = 'Installed version: ' + vers + '\\n' +\n 'Fixed version: 0.9.8.s';\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:45", "references": [], "pluginID": "136141256231071196", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-12.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-03-12T00:00:00", "title": "Gentoo Security Advisory GLSA 201203-12 (openssl)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231071196", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071196", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in OpenSSL, allowing\n remote attackers to cause a Denial of Service or obtain sensitive\n information.\";\ntag_solution = \"All OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0g'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=397695\nhttp://bugs.gentoo.org/show_bug.cgi?id=399365\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-12.\";\n\n \n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71196\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-12 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.0g\", \"rge 0.9.8t\"), vulnerable: make_list(\"lt 1.0.0g\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:54", "references": [], "pluginID": "71196", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-12.", "edition": 2, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Gentoo Security Advisory GLSA 201203-12 (openssl)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71196", "id": "OPENVAS:71196", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in OpenSSL, allowing\n remote attackers to cause a Denial of Service or obtain sensitive\n information.\";\ntag_solution = \"All OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0g'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=397695\nhttp://bugs.gentoo.org/show_bug.cgi?id=399365\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-12.\";\n\n \n \nif(description)\n{\n script_id(71196);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-12 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.0g\", \"rge 0.9.8t\"), vulnerable: make_list(\"lt 1.0.0g\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:30:16", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "0.9.8o-4squeeze5", "arch": "all", "packageFilename": "openssl_0.9.8o-4squeeze5_all.deb", "packageName": "openssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.9.8g-15+lenny15", "arch": "all", "packageFilename": "openssl_0.9.8g-15+lenny15_all.deb", "packageName": "openssl", "operator": "lt"}], "description": "Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:\n\n * [CVE-2011-4108](<https://security-tracker.debian.org/tracker/CVE-2011-4108>)\n\nThe DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.\n\n * [CVE-2011-4109](<https://security-tracker.debian.org/tracker/CVE-2011-4109>)\n\nA double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.\n\n * [CVE-2011-4354](<https://security-tracker.debian.org/tracker/CVE-2011-4354>)\n\nOn 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.)\n\n * [CVE-2011-4576](<https://security-tracker.debian.org/tracker/CVE-2011-4576>)\n\nThe SSL 3.0 implementation does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n\n * [CVE-2011-4619](<https://security-tracker.debian.org/tracker/CVE-2011-4619>)\n\nThe Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks.\n\nFor the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.0.0f-1.\n\nWe recommend that you upgrade your openssl packages.", "edition": 1, "reporter": "Debian", "published": "2012-01-15T00:00:00", "title": "openssl -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2011-4109"], "modified": "2012-01-15T00:00:00", "id": "DSA-2390", "href": "http://www.debian.org/security/dsa-2390", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:24:23", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "0.9.8o-4squeeze7", "packageFilename": "openssl_0.9.8o-4squeeze7_all.deb", "packageName": "openssl", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.9.8g-15+lenny16", "packageFilename": "openssl_0.9.8g-15+lenny16_all.deb", "packageName": "openssl", "arch": "all", "operator": "lt"}], "edition": 1, "description": "Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.\n\nFor the oldstable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny16.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze7.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.0.0g-1.\n\nWe recommend that you upgrade your openssl packages.", "reporter": "Debian", "published": "2012-01-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "openssl -- out-of-bounds read", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0050"], "modified": "2012-01-23T00:00:00", "href": "http://www.debian.org/security/dsa-2392", "id": "DSA-2392", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:44:57", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "x86_64", "packageFilename": "openssl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "src", "packageFilename": "openssl-0.9.8e-20.el5_7.1.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "src", "packageFilename": "openssl-0.9.8e-20.el5_7.1.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "src", "packageFilename": "openssl-0.9.8e-20.el5_7.1.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ia64", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i686", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i686", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i686", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "x86_64", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ia64", "packageFilename": "openssl-0.9.8e-20.el5_7.1.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ia64", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i386", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i386", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i386", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i386", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}], "description": "[0.9.8e-20.1]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4109 - double free in policy checks (#771771)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)", "edition": 3, "reporter": "Oracle", "published": "2012-01-24T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2012-01-24T00:00:00", "id": "ELSA-2012-0060", "href": "http://linux.oracle.com/errata/ELSA-2012-0060.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:30", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.i686.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "src", "packageFilename": "openssl-1.0.0-20.el6_2.1.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "src", "packageFilename": "openssl-1.0.0-20.el6_2.1.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageFilename": "openssl-1.0.0-20.el6_2.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageFilename": "openssl-1.0.0-20.el6_2.1.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageFilename": "openssl-1.0.0-20.el6_2.1.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.i686.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.x86_64.rpm", "packageName": "openssl-static", "operator": "lt"}], "description": "[1.0.0-20.1]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)", "edition": 3, "reporter": "Oracle", "published": "2012-01-24T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0050"], "modified": "2012-01-24T00:00:00", "id": "ELSA-2012-0059", "href": "http://linux.oracle.com/errata/ELSA-2012-0059.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T01:47:44", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageFilename": "openssl-0.9.7a-43.18.el4.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i686", "packageFilename": "openssl-0.9.7a-43.18.el4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i686", "packageFilename": "openssl-0.9.7a-43.18.el4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i686", "packageFilename": "openssl-0.9.7a-43.18.el4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageFilename": "openssl-0.9.7a-43.18.el4.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ia64", "packageFilename": "openssl-0.9.7a-43.18.el4.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ia64", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ia64", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "src", "packageFilename": "openssl-0.9.7a-43.18.el4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "src", "packageFilename": "openssl-0.9.7a-43.18.el4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "src", "packageFilename": "openssl-0.9.7a-43.18.el4.src.rpm", "packageName": "openssl", "operator": "lt"}], "description": "[0.9.7a-43.18]\n- CVE-2011-4576 - properly initialize SSL 3.0 block cipher padding (#771775)\n- CVE-2011-4619 - fix SGC restart DoS attack (#771780)", "edition": 3, "reporter": "Oracle", "published": "2012-02-01T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4576", "CVE-2011-4619"], "modified": "2012-02-01T00:00:00", "id": "ELSA-2012-0086", "href": "http://linux.oracle.com/errata/ELSA-2012-0086.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T01:49:27", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "x86_64", "packageFilename": "openssl-libs-1.0.1e-51.ksplice1.el7_2.7.x86_64.rpm", "packageName": "openssl-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "i686", "packageFilename": "openssl-devel-1.0.1e-51.ksplice1.el7_2.7.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-48.ksplice1.el6_8.3", "arch": "i686", "packageFilename": "openssl-1.0.1e-48.ksplice1.el6_8.3.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "x86_64", "packageFilename": "openssl-perl-1.0.1e-51.ksplice1.el7_2.7.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "x86_64", "packageFilename": "openssl-static-1.0.1e-51.ksplice1.el7_2.7.x86_64.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-48.ksplice1.el6_8.3", "arch": "x86_64", "packageFilename": "openssl-perl-1.0.1e-48.ksplice1.el6_8.3.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-48.ksplice1.el6_8.3", "arch": "x86_64", "packageFilename": "openssl-1.0.1e-48.ksplice1.el6_8.3.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "src", "packageFilename": "openssl-1.0.1e-51.ksplice1.el7_2.7.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-48.ksplice1.el6_8.3", "arch": "x86_64", "packageFilename": "openssl-static-1.0.1e-48.ksplice1.el6_8.3.x86_64.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "x86_64", "packageFilename": "openssl-devel-1.0.1e-51.ksplice1.el7_2.7.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "i686", "packageFilename": "openssl-libs-1.0.1e-51.ksplice1.el7_2.7.i686.rpm", "packageName": "openssl-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-48.ksplice1.el6_8.3", "arch": "x86_64", "packageFilename": "openssl-devel-1.0.1e-48.ksplice1.el6_8.3.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-48.ksplice1.el6_8.3", "arch": "src", "packageFilename": "openssl-1.0.1e-48.ksplice1.el6_8.3.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "x86_64", "packageFilename": "openssl-1.0.1e-51.ksplice1.el7_2.7.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-51.ksplice1.el7_2.7", "arch": "i686", "packageFilename": "openssl-static-1.0.1e-51.ksplice1.el7_2.7.i686.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-48.ksplice1.el6_8.3", "arch": "i686", "packageFilename": "openssl-devel-1.0.1e-48.ksplice1.el6_8.3.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}], "description": "[1.0.1e-48.3]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n- replace expired testing certificates\n[1.0.1e-48.1]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf\n[1.0.1e-48]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-47]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-46]\n- fix 1-byte memory leak in pkcs12 parse (#1229871)\n- document some options of the speed command (#1197095)\n[1.0.1e-45]\n- fix high-precision timestamps in timestamping authority\n[1.0.1e-44]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-43]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-42]\n- fix regression caused by mistake in fix for CVE-2015-1791\n[1.0.1e-41]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n[1.0.1e-40]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-39]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-38]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-37]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-36]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-35]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-34]\n- copy digest algorithm when handling SNI context switch\n- improve documentation of ciphersuites - patch by Hubert Kario\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-33]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-32]\n- use FIPS approved method for computation of d in RSA\n[1.0.1e-31]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document", "edition": 3, "reporter": "Oracle", "published": "2016-09-27T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2013-0166", "CVE-2014-3505", "CVE-2012-2333", "CVE-2014-3508", "CVE-2015-1792", "CVE-2014-3566", "CVE-2015-3197", "CVE-2011-4108", "CVE-2014-3572", "CVE-2016-6306", "CVE-2016-0705", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-2183", "CVE-2013-0169", "CVE-2015-0286", "CVE-2013-6449", "CVE-2016-2178", "CVE-2014-3507", "CVE-2015-3195", "CVE-2016-2108", "CVE-2011-4576", "CVE-2014-3571", "CVE-2016-0799", "CVE-2016-6302", "CVE-2014-3513", "CVE-2016-2177", "CVE-2015-0288", "CVE-2012-1165", "CVE-2011-4577", "CVE-2014-0224", "CVE-2016-2105", "CVE-2015-3194", "CVE-2016-2107", "CVE-2011-4619", "CVE-2014-3511", "CVE-2011-0014", "CVE-2014-8275", "CVE-2016-2180", "CVE-2016-0797", "CVE-2016-0702", "CVE-2014-3570", "CVE-2015-7575", "CVE-2015-3196", "CVE-2014-3470", "CVE-2014-3506", "CVE-2016-2109", "CVE-2012-4929", "CVE-2016-2181", "CVE-2016-6304", "CVE-2013-6450", "CVE-2012-0050", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2014-8176", "CVE-2013-4353", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2014-3567", "CVE-2015-0204", "CVE-2012-2110", "CVE-2012-0884", "CVE-2015-1790", "CVE-2014-3510", "CVE-2016-2182", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2015-3216", "CVE-2015-0292", "CVE-2015-0205", "CVE-2016-2179", "CVE-2016-2106", "CVE-2014-3509", "CVE-2015-1791", "CVE-2014-0221"], "modified": "2016-09-27T00:00:00", "id": "ELSA-2016-3621", "href": "http://linux.oracle.com/errata/ELSA-2016-3621.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:50", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-perl-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-static-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-devel-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "src", "packageFilename": "openssl-fips-1.0.1m-2.0.1.el6.src.rpm", "packageName": "openssl-fips", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1m-2.0.1.el6", "arch": "x86_64", "packageFilename": "openssl-fips-1.0.1m-2.0.1.el6.x86_64.rpm", "packageName": "openssl-fips", "operator": "lt"}], "description": "[1.0.1m-2.0.1]\n- update to upstream 1.0.1m\n- update to fips canister 2.0.9\n- regenerated below patches\n openssl-1.0.1-beta2-rpmbuild.patch\n openssl-1.0.1m-rhcompat.patch\n openssl-1.0.1m-ecc-suiteb.patch\n openssl-1.0.1m-fips-mode.patch\n openssl-1.0.1m-version.patch\n openssl-1.0.1m-evp-devel.patch\n[1.0.1j-2.0.4]\n- [Orabug 20182267] The openssl-fips-devel package should Provide:\n openssl-devel and openssl-devel(x86-64) like the standard -devel\n package\n- The openssl-fips-devel package should include fips.h and fips_rand.h\n for apps that want to build against FIPS* APIs\n[1.0.1j-2.0.3]\n- [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch,\n update ec_curve.c which gets copied into build tree to match the patch\n (ie only have curves which are advertised). The change items from the\n orignal patch are as follows:\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1j-2.0.2]\n- update README.FIPS with step-by-step install instructions\n[1.0.1j-2.0.1]\n- update to upstream 1.0.1j\n- change name to openssl-fips\n- change Obsoletes: openssl to Conflicts: openssl\n- add Provides: openssl\n[1.0.1i-2.0.3.fips]\n- update to fips canister 2.0.8 to remove Dual EC DRBG\n- run gcc -v so the gcc build version is captured in the build log\n[1.0.1i-2.0.2.fips]\n- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg\n[1.0.1i-2.0.1.fips]\n- build against upstream 1.0.1i\n- build against fips validated canister 2.0.7\n- add patch to support fips=1\n- rename pkg to openssl-fips and Obsolete openssl\n[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-16.4]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-16.3]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-16.2]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-16.1]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- a d d e a p - f a s t s u p p o r t ( # 4 2 8 1 8 1 ) b r > - a d d p o s s i b i l i t y t o d i s a b l e z l i b b y s e t t i n g b r > - a d d f i p s m o d e s u p p o r t f o r t e s t i n g p u r p o s e s b r > - d o n o t n u l l d e r e f e r e n c e o n s o m e i n v a l i d s m i m e f i l e s b r > - a d d b u i l d r e q u i r e s p k g c o n f i g ( # 4 7 9 4 9 3 ) b r > b r > [ 0 . 9 . 8 g - 1 1 ] b r > - d o n o t a d d t l s e x t e n s i o n s t o s e r v e r h e l l o f o r S S L v 3 e i t h e r b r > b r > [ 0 . 9 . 8 g - 1 0 ] b r > - m o v e r o o t C A b u n d l e t o c a - c e r t i f i c a t e s p a c k a g e b r > b r > [ 0 . 9 . 8 g - 9 ] b r > - f i x C V E - 2 0 0 8 - 0 8 9 1 - s e r v e r n a m e e x t e n s i o n c r a s h ( # 4 4 8 4 9 2 ) b r > - f i x C V E - 2 0 0 8 - 1 6 7 2 - s e r v e r k e y e x c h a n g e m e s s a g e o m i t c r a s h ( # 4 4 8 4 9 5 ) b r > b r > [ 0 . 9 . 8 g - 8 ] b r > - s u p e r - H a r c h s u p p o r t b r > - d r o p w o r k a r o u n d f o r b u g 1 9 9 6 0 4 a s i t s h o u l d b e f i x e d i n g c c - 4 . 3 b r > b r > [ 0 . 9 . 8 g - 7 ] b r > - s p a r c h a n d l i n g b r > b r > [ 0 . 9 . 8 g - 6 ] b r > - u p d a t e t o n e w r o o t C A b u n d l e f r o m m o z i l l a . o r g ( r 1 . 4 5 ) b r > b r > [ 0 . 9 . 8 g - 5 ] b r > - A u t o r e b u i l d f o r G C C 4 . 3 b r > b r > [ 0 . 9 . 8 g - 4 ] b r > - m e r g e r e v i e w f i x e s ( # 2 2 6 2 2 0 ) b r > - a d j u s t t h e S H L I B _ V E R S I O N _ N U M B E R t o r e f l e c t l i b r a r y n a m e ( # 4 2 9 8 4 6 ) b r > b r > [ 0 . 9 . 8 g - 3 ] b r > - s e t d e f a u l t p a t h s w h e n n o e x p l i c i t p a t h s a r e s e t ( # 4 1 8 7 7 1 ) b r > - d o n o t a d d t l s e x t e n s i o n s t o c l i e n t h e l l o f o r S S L v 3 ( # 4 2 2 0 8 1 ) b r > b r > [ 0 . 9 . 8 g - 2 ] b r > - e n a b l e s o m e n e w c r y p t o a l g o r i t h m s a n d f e a t u r e s b r > - a d d s o m e m o r e i m p o r t a n t b u g f i x e s f r o m o p e n s s l C V S b r > b r > [ 0 . 9 . 8 g - 1 ] b r > - u p d a t e t o l a t e s t u p s t r e a m r e l e a s e , S O N A M E b u m p e d t o 7 b r > b r > [ 0 . 9 . 8 b - 1 7 ] b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g b r > b r > [ 0 . 9 . 8 b - 1 6 ] b r > - f i x C V E - 2 0 0 7 - 5 1 3 5 - o f f - b y - o n e i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 3 0 9 8 0 1 ) b r > - f i x C V E - 2 0 0 7 - 4 9 9 5 - o u t o f o r d e r D T L S f r a g m e n t s b u f f e r o v e r f l o w ( # 3 2 1 1 9 1 ) b r > - a d d a l p h a s u b - a r c h s ( # 2 9 6 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 5 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 1 4 ] b r > - u s e l o c a l h o s t i n t e s t s u i t e , h o p e f u l l y f i x e s s l o w b u i l d i n k o j i b r > - C V E - 2 0 0 7 - 3 1 0 8 - f i x s i d e c h a n n e l a t t a c k o n p r i v a t e k e y s ( # 2 5 0 5 7 7 ) b r > - m a k e s s l s e s s i o n c a c h e i d m a t c h i n g s t r i c t ( # 2 3 3 5 9 9 ) b r > b r > [ 0 . 9 . 8 b - 1 3 ] b r > - a l l o w b u i l d i n g o n A R M a r c h i t e c t u r e s ( # 2 4 5 4 1 7 ) b r > - u s e r e f e r e n c e t i m e s t a m p s t o p r e v e n t m u l t i l i b c o n f l i c t s ( # 2 1 8 0 6 4 ) b r > - - d e v e l p a c k a g e m u s t r e q u i r e p k g c o n f i g ( # 2 4 1 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 2 ] b r > - d e t e c t d u p l i c a t e s i n a d d _ d i r p r o p e r l y ( # 2 0 6 3 4 6 ) b r > b r > [ 0 . 9 . 8 b - 1 1 ] b r > - t h e p r e v i o u s c h a n g e s t i l l d i d n ' t m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e b r > b r > [ 0 . 9 . 8 b - 1 0 ] b r > - m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e o t h e r w i s e c e r t i f i c a t e l o o k u p b r > i s b r o k e n ( # 2 1 6 0 5 0 ) b r > b r > [ 0 . 9 . 8 b - 9 ] b r > - a l i a s i n g b u g i n e n g i n e l o a d i n g , p a t c h b y I B M ( # 2 1 3 2 1 6 ) b r > b r > [ 0 . 9 . 8 b - 8 ] b r > - C V E - 2 0 0 6 - 2 9 4 0 f i x w a s i n c o r r e c t ( # 2 0 8 7 4 4 ) b r > b r > [ 0 . 9 . 8 b - 7 ] b r > - f i x C V E - 2 0 0 6 - 2 9 3 7 - m i s h a n d l e d e r r o r o n A S N . 1 p a r s i n g ( # 2 0 7 2 7 6 ) b r > - f i x C V E - 2 0 0 6 - 2 9 4 0 - p a r a s i t i c p u b l i c k e y s D o S ( # 2 0 7 2 7 4 ) b r > - f i x C V E - 2 0 0 6 - 3 7 3 8 - b u f f e r o v e r f l o w i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 2 0 6 9 4 0 ) b r > - f i x C V E - 2 0 0 6 - 4 3 4 3 - s s l v 2 c l i e n t D o S ( # 2 0 6 9 4 0 ) b r > b r > [ 0 . 9 . 8 b - 6 ] b r > - f i x C V E - 2 0 0 6 - 4 3 3 9 - p r e v e n t a t t a c k o n P K C S # 1 v 1 . 5 s i g n a t u r e s ( # 2 0 5 1 8 0 ) b r > b r > [ 0 . 9 . 8 b - 5 ] b r > - s e t b u f f e r i n g t o n o n e o n s t d i o / s t d o u t F I L E w h e n b u f s i z e i s s e t ( # 2 0 0 5 8 0 ) b r > p a t c h b y I B M b r > b r > [ 0 . 9 . 8 b - 4 . 1 ] b r > - r e b u i l d w i t h n e w b i n u t i l s ( # 2 0 0 3 3 0 ) b r > b r > [ 0 . 9 . 8 b - 4 ] b r > - a d d a t e m p o r a r y w o r k a r o u n d f o r s h a 5 1 2 t e s t f a i l u r e o n s 3 9 0 ( # 1 9 9 6 0 4 ) b r > b r > * T h u J u l 2 0 2 0 0 6 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - a d d i p v 6 s u p p o r t t o s _ c l i e n t a n d s _ s e r v e r ( b y J a n P a z d z i o r a ) ( # 1 9 8 7 3 7 ) b r > - a d d p a t c h e s f o r B N t h r e a d s a f e t y , A E S c a c h e c o l l i s i o n a t t a c k h a z a r d f i x a n d b r > p k c s 7 c o d e m e m l e a k f i x f r o m u p s t r e a m C V S b r > b r > [ 0 . 9 . 8 b - 3 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 3 ] b r > - d r o p p e d l i b i c a a n d i c a e n g i n e f r o m b u i l d b r > b r > * W e d J u n 2 1 2 0 0 6 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g ; a d d s C A c e r t i f i c a t e s b r > f r o m n e t l o c k . h u a n d s t a r t c o m . o r g b r > b r > [ 0 . 9 . 8 b - 2 ] b r > - f i x e d a f e w r p m l i n t w a r n i n g s b r > - b e t t e r f i x f o r # 1 7 3 3 9 9 f r o m u p s t r e a m b r > - u p s t r e a m f i x f o r p k c s 1 2 b r > b r > [ 0 . 9 . 8 b - 1 ] b r > - u p g r a d e t o n e w v e r s i o n , s t a y s A B I c o m p a t i b l e b r > - t h e r e i s n o m o r e l i n u x / c o n f i g . h ( i t w a s e m p t y a n y w a y ) b r > b r > [ 0 . 9 . 8 a - 6 ] b r > - f i x s t a l e o p e n h a n d l e s i n l i b i c a ( # 1 7 7 1 5 5 ) b r > - f i x b u i l d i f ' r a n d ' o r ' p a s s w d ' i n b u i l d r o o t p a t h ( # 1 7 8 7 8 2 ) b r > - i n i t i a l i z e V I A P a d l o c k e n g i n e ( # 1 8 6 8 5 7 ) b r > b r > [ 0 . 9 . 8 a - 5 . 2 ] b r > - b u m p a g a i n f o r d o u b l e - l o n g b u g o n p p c ( 6 4 ) b r > b r > [ 0 . 9 . 8 a - 5 . 1 ] b r > - r e b u i l t f o r n e w g c c 4 . 1 s n a p s h o t a n d g l i b c c h a n g e s b r > b r > [ 0 . 9 . 8 a - 5 ] b r > - d o n ' t i n c l u d e S S L _ O P _ N E T S C A P E _ R E U S E _ C I P H E R _ C H A N G E _ B U G b r > i n S S L _ O P _ A L L ( # 1 7 5 7 7 9 ) b r > b r > * F r i D e c 0 9 2 0 0 5 J e s s e K e a t i n g j k e a t i n g @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 8 a - 4 ] b r > - f i x b u i l d ( - l c r y p t o w a s e r r o n e u s l y d r o p p e d ) o f t h e u p d a t e d l i b i c a b r > - u p d a t e d I C A e n g i n e t o 1 . 3 . 6 - r c 3 b r > b r > [ 0 . 9 . 8 a - 3 ] b r > - d i s a b l e b u i l t i n c o m p r e s s i o n m e t h o d s f o r n o w u n t i l t h e y w o r k b r > p r o p e r l y ( # 1 7 3 3 9 9 ) b r > b r > [ 0 . 9 . 8 a - 2 ] b r > - d o n ' t s e t - r p a t h f o r o p e n s s l b i n a r y b r > b r > [ 0 . 9 . 8 a - 1 ] b r > - n e w u p s t r e a m v e r s i o n b r > - p a t c h e s p a r t i a l l y r e n u m b e r e d b r > b r > [ 0 . 9 . 7 f - 1 1 ] b r > - u p d a t e d I B M I C A e n g i n e l i b r a r y a n d p a t c h t o l a t e s t u p s t r e a m v e r s i o n b r > b r > [ 0 . 9 . 7 f - 1 0 ] b r > - f i x C A N - 2 0 0 5 - 2 9 6 9 - r e m o v e S S L _ O P _ M S I E _ S S L V 2 _ R S A _ P A D D I N G w h i c h b r > d i s a b l e s t h e c o u n t e r m e a s u r e a g a i n s t m a n i n t h e m i d d l e a t t a c k i n S S L v 2 b r > ( # 1 6 9 8 6 3 ) b r > - u s e s h a 1 a s d e f a u l t f o r C A a n d c e r t r e q u e s t s - C A N - 2 0 0 5 - 2 9 4 6 ( # 1 6 9 8 0 3 ) b r > b r > [ 0 . 9 . 7 f - 9 ] b r > - a d d * . s o . s o v e r s i o n a s s y m l i n k s i n / l i b ( # 1 6 5 2 6 4 ) b r > - r e m o v e u n p a c k a g e d s y m l i n k s ( # 1 5 9 5 9 5 ) b r > - f i x e s f r o m u p s t r e a m ( c o n s t a n t t i m e f i x e s f o r D S A , b r > b n a s s e m b l e r d i v o n p p c a r c h , i n i t i a l i z e m e m o r y o n r e a l l o c ) b r > b r > [ 0 . 9 . 7 f - 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 f - 7 ] b r > - f i x C A N - 2 0 0 5 - 0 1 0 9 - u s e c o n s t a n t t i m e / m e m o r y a c c e s s m o d _ e x p b r > s o b i t s o f p r i v a t e k e y a r e n ' t l e a k e d b y c a c h e e v i c t i o n ( # 1 5 7 6 3 1 ) b r > - a f e w m o r e f i x e s f r o m u p s t r e a m 0 . 9 . 7 g b r > b r > [ 0 . 9 . 7 f - 6 ] b r > - u s e p o l l i n s t e a d o f s e l e c t i n r a n d ( # 1 2 8 2 8 5 ) b r > - f i x M a k e f i l e . c e r t i f i c a t e t o p o i n t t o / e t c / p k i / t l s b r > - c h a n g e t h e d e f a u l t s t r i n g m a s k i n A S N 1 t o P r i n t a b l e S t r i n g + U T F 8 S t r i n g b r > b r > [ 0 . 9 . 7 f - 5 ] b r > - u p d a t e t o r e v i s i o n 1 . 3 7 o f M o z i l l a C A b u n d l e b r > b r > [ 0 . 9 . 7 f - 4 ] b r > - m o v e c e r t i f i c a t e s t o _ s y s c o n f d i r / p k i / t l s ( # 1 4 3 3 9 2 ) b r > - m o v e C A d i r e c t o r i e s t o _ s y s c o n f d i r / p k i / C A b r > - p a t c h t h e C A s c r i p t a n d t h e d e f a u l t c o n f i g s o i t p o i n t s t o t h e b r > C A d i r e c t o r i e s b r > b r > [ 0 . 9 . 7 f - 3 ] b r > - u n i n i t i a l i z e d v a r i a b l e m u s t n ' t b e u s e d a s i n p u t i n i n l i n e b r > a s s e m b l y b r > - r e e n a b l e t h e x 8 6 _ 6 4 a s s e m b l y a g a i n b r > b r > [ 0 . 9 . 7 f - 2 ] b r > - a d d b a c k R C 4 _ C H A R o n i a 6 4 a n d x 8 6 _ 6 4 s o t h e A B I i s n ' t b r o k e n b r > - d i s a b l e b r o k e n b i g n u m a s s e m b l y o n x 8 6 _ 6 4 b r > b r > [ 0 . 9 . 7 f - 1 ] b r > - r e e n a b l e o p t i m i z a t i o n s o n p p c 6 4 a n d a s s e m b l y c o d e o n i a 6 4 b r > - u p g r a d e t o n e w u p s t r e a m v e r s i o n ( n o s o n a m e b u m p n e e d e d ) b r > - d i s a b l e t h r e a d t e s t - i t w a s t e s t i n g t h e b a c k p o r t o f t h e b r > R S A b l i n d i n g - n o l o n g e r n e e d e d b r > - a d d e d s u p p o r t f o r c h a n g i n g s e r i a l n u m b e r t o b r > M a k e f i l e . c e r t i f i c a t e ( # 1 5 1 1 8 8 ) b r > - m a k e c a - b u n d l e . c r t a c o n f i g f i l e ( # 1 1 8 9 0 3 ) b r > b r > [ 0 . 9 . 7 e - 3 ] b r > - l i b c r y p t o s h o u l d n ' t d e p e n d o n l i b k r b 5 ( # 1 3 5 9 6 1 ) b r > b r > [ 0 . 9 . 7 e - 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 e - 1 ] b r > - n e w u p s t r e a m s o u r c e , u p d a t e d p a t c h e s b r > - a d d e d p a t c h s o w e a r e h o p e f u l l y A B I c o m p a t i b l e w i t h u p c o m i n g b r > 0 . 9 . 7 f b r > b r > * T h u F e b 1 0 2 0 0 5 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - S u p p o r t U T F - 8 c h a r s e t i n t h e M a k e f i l e . c e r t i f i c a t e ( # 1 3 4 9 4 4 ) b r > - A d d e d c m p t o B u i l d P r e r e q b r > b r > [ 0 . 9 . 7 a - 4 6 ] b r > - g e n e r a t e n e w c a - b u n d l e . c r t f r o m M o z i l l a c e r t d a t a . t x t ( r e v i s i o n 1 . 3 2 ) b r > b r > [ 0 . 9 . 7 a - 4 5 ] b r > - F i x e d a n d u p d a t e d l i b i c a - 1 . 3 . 4 - u r a n d o m . p a t c h p a t c h ( # 1 2 2 9 6 7 ) b r > b r > [ 0 . 9 . 7 a - 4 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 3 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 1 ] b r > - r e m o v e d e r _ c h o p , a s u p s t r e a m c v s h a s d o n e ( C A N - 2 0 0 4 - 0 9 7 5 , # 1 4 0 0 4 0 ) b r > b r > [ 0 . 9 . 7 a - 4 0 ] b r > - I n c l u d e l a t e s t l i b i c a v e r s i o n w i t h i m p o r t a n t b u g f i x e s b r > b r > * T u e J u n 1 5 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 a - 3 7 ] b r > - b u i l d f o r l i n u x - a l p h a - g c c i n s t e a d o f a l p h a - g c c o n a l p h a ( J e f f G a r z i k ) b r > b r > [ 0 . 9 . 7 a - 3 6 ] b r > - h a n d l e % { _ a r c h } = i 4 8 6 / i 5 8 6 / i 6 8 6 / a t h l o n c a s e s i n t h e i n t e r m e d i a t e b r > h e a d e r ( # 1 2 4 3 0 3 ) b r > b r > [ 0 . 9 . 7 a - 3 5 ] b r > - a d d s e c u r i t y f i x e s f o r C A N - 2 0 0 4 - 0 0 7 9 , C A N - 2 0 0 4 - 0 1 1 2 b r > b r > * T u e M a r 1 6 2 0 0 4 P h i l K n i r s c h p k n i r s c h @ r e d h a t . c o m > b r > - F i x e d l i b i c a f i l e s p e c . b r > b r > [ 0 . 9 . 7 a - 3 4 ] b r > - p p c / p p c 6 4 d e f i n e _ _ p o w e r p c _ _ / _ _ p o w e r p c 6 4 _ _ , n o t _ _ p p c _ _ / _ _ p p c 6 4 _ _ , f i x b r > t h e i n t e r m e d i a t e h e a d e r b r > b r > [ 0 . 9 . 7 a - 3 3 ] b r > - a d d a n i n t e r m e d i a t e o p e n s s l / o p e n s s l c o n f . h > w h i c h p o i n t s t o t h e r i g h t b r > a r c h - s p e c i f i c o p e n s s l c o n f . h o n m u l t i l i b a r c h e s b r > b r > * T u e M a r 0 2 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 5 . b r > b r > [ 0 . 9 . 7 a - 3 1 ] b r > - U p d a t e I C A c r y p t o e n g i n e p a t c h f r o m I B M t o l a t e s t v e r s i o n . b r > b r > * F r i F e b 1 3 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 9 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 8 ] b r > - F i x e d l i b i c a b u i l d . b r > b r > * W e d F e b 0 4 2 0 0 4 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d ' - l d l ' t o l i n k f l a g s a d d e d f o r L i n u x - o n - A R M ( # 9 9 3 1 3 ) b r > b r > [ 0 . 9 . 7 a - 2 7 ] b r > - u p d a t e d c a - b u n d l e . c r t : r e m o v e d e x p i r e d G e o T r u s t r o o t s , a d d e d b r > f r e e s s l . c o m r o o t , r e m o v e d t r u s t c e n t e r . d e C l a s s 0 r o o t b r > b r > [ 0 . 9 . 7 a - 2 6 ] b r > - F i x l i n k l i n e f o r l i b s s l ( b u g # 1 1 1 1 5 4 ) . b r > b r > [ 0 . 9 . 7 a - 2 5 ] b r > - a d d d e p e n d e n c y o n z l i b - d e v e l f o r t h e - d e v e l p a c k a g e , w h i c h d e p e n d s o n z l i b b r > s y m b o l s b e c a u s e w e e n a b l e z l i b f o r l i b s s l ( # 1 0 2 9 6 2 ) b r > b r > [ 0 . 9 . 7 a - 2 4 ] b r > - U s e / d e v / u r a n d o m i n s t e a d o f P R N G f o r l i b i c a . b r > - A p p l y l i b i c a - 1 . 3 . 5 f i x f o r / d e v / u r a n d o m i n i c a l i n u x . c b r > - U s e l a t e s t I C A e n g i n e p a t c h f r o m I B M . b r > b r > [ 0 . 9 . 7 a - 2 2 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - r e b u i l d ( 2 2 w a s n ' t a c t u a l l y b u i l t , f u n e h ? ) b r > b r > [ 0 . 9 . 7 a - 2 3 ] b r > - r e - d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T u e S e p 3 0 2 0 0 3 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - a d d a _ m b s t r . c f i x f o r 6 4 - b i t p l a t f o r m s f r o m C V S b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - a d d - W a , - - n o e x e c s t a c k t o R P M _ O P T _ F L A G S s o t h a t a s s e m b l e d m o d u l e s g e t t a g g e d b r > a s n o t n e e d i n g e x e c u t a b l e s t a c k s b r > b r > [ 0 . 9 . 7 a - 2 1 ] b r > - r e b u i l d b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - e n a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e e x c l u s i v e a r c h b r > b r > [ 0 . 9 . 7 a - 2 0 ] b r > - o n l y p a r s e a c l i e n t c e r t i f o n e w a s r e q u e s t e d b r > - t e m p o r a r i l y e x c l u s i v e a r c h f o r % { i x 8 6 } b r > b r > * T u e S e p 2 3 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d s e c u r i t y f i x e s f o r p r o t o c o l p a r s i n g b u g s ( C A N - 2 0 0 3 - 0 5 4 3 , C A N - 2 0 0 3 - 0 5 4 4 ) b r > a n d h e a p c o r r u p t i o n ( C A N - 2 0 0 3 - 0 5 4 5 ) b r > - u p d a t e R H N S - C A - C E R T f i l e s b r > - e a s e b a c k o n t h e n u m b e r o f t h r e a d s u s e d i n t h e t h r e a d i n g t e s t b r > b r > [ 0 . 9 . 7 a - 1 9 ] b r > - r e b u i l d t o f i x g z i p p e d f i l e m d 5 s u m s ( # 9 1 2 1 1 ) b r > b r > [ 0 . 9 . 7 a - 1 8 ] b r > - U p d a t e d l i b i c a t o v e r s i o n 1 . 3 . 4 . b r > b r > [ 0 . 9 . 7 a - 1 7 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 . 9 ] b r > - f r e e t h e k s s l _ c t x s t r u c t u r e w h e n w e f r e e a n S S L s t r u c t u r e ( # 9 9 0 6 6 ) b r > b r > [ 0 . 9 . 7 a - 1 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 5 ] b r > - l o w e r t h r e a d t e s t c o u n t o n s 3 9 0 x b r > b r > [ 0 . 9 . 7 a - 1 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 3 ] b r > - d i s a b l e a s s e m b l y o n a r c h e s w h e r e i t s e e m s t o c o n f l i c t w i t h t h r e a d i n g b r > b r > [ 0 . 9 . 7 a - 1 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 0 b r > b r > [ 0 . 9 . 7 a - 9 . 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 ] b r > - u b s e c : d o n ' t s t o m p o n o u t p u t d a t a w h i c h m i g h t a l s o b e i n p u t d a t a b r > b r > [ 0 . 9 . 7 a - 9 ] b r > - t e m p o r a r i l y d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * M o n J u n 0 9 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b a c k p o r t f i x f o r e n g i n e - u s e d - f o r - e v e r y t h i n g f r o m 0 . 9 . 7 b b r > - b a c k p o r t f i x f o r p r n g n o t b e i n g s e e d e d c a u s i n g p r o b l e m s , a l s o f r o m 0 . 9 . 7 b b r > - a d d a c h e c k a t b u i l d - t i m e t o e n s u r e t h a t R S A i s t h r e a d - s a f e b r > - k e e p p e r l p a t h f r o m s t o m p i n g o n t h e l i b i c a c o n f i g u r e s c r i p t s b r > b r > * F r i J u n 0 6 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t h r e a d - s a f e t y f i x f o r R S A b l i n d i n g b r > b r > [ 0 . 9 . 7 a - 8 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 7 ] b r > - A d d e d l i b i c a - 1 . 2 t o o p e n s s l ( f e a t u r e r e q u e s t ) . b r > b r > [ 0 . 9 . 7 a - 6 ] b r > - f i x b u i l d i n g w i t h i n c o r r e c t f l a g s o n p p c 6 4 b r > b r > [ 0 . 9 . 7 a - 5 ] b r > - a d d p a t c h t o h a r d e n a g a i n s t K l i m a - P o k o r n y - R o s a e x t e n s i o n o f B l e i c h e n b a c h e r ' s b r > a t t a c k ( C A N - 2 0 0 3 - 0 1 3 1 ) b r > b r > [ 0 . 9 . 7 a - 4 ] b r > - a d d p a t c h t o e n a b l e R S A b l i n d i n g b y d e f a u l t , c l o s i n g a t i m i n g a t t a c k b r > ( C A N - 2 0 0 3 - 0 1 4 7 ) b r > b r > [ 0 . 9 . 7 a - 3 ] b r > - d i s a b l e u s e o f B N a s s e m b l y m o d u l e o n x 8 6 _ 6 4 , b u t c o n t i n u e t o a l l o w i n l i n e b r > a s s e m b l y ( # 8 3 4 0 3 ) b r > b r > [ 0 . 9 . 7 a - 2 ] b r > - d i s a b l e E C a l g o r i t h m s b r > b r > [ 0 . 9 . 7 a - 1 ] b r > - u p d a t e t o 0 . 9 . 7 a b r > b r > [ 0 . 9 . 7 - 8 ] b r > - a d d f i x t o g u a r d a g a i n s t a t t e m p t s t o a l l o c a t e n e g a t i v e a m o u n t s o f m e m o r y b r > - a d d p a t c h f o r C A N - 2 0 0 3 - 0 0 7 8 , f i x i n g a t i m i n g a t t a c k b r > b r > [ 0 . 9 . 7 - 7 ] b r > - A d d o p e n s s l - p p c 6 4 . p a t c h b r > b r > [ 0 . 9 . 7 - 6 ] b r > - E V P _ D e c r y p t I n i t s h o u l d c a l l E V P _ C i p h e r I n i t ( ) i n s t e a d o f E V P _ C i p h e r I n i t _ e x ( ) , b r > t o g e t t h e r i g h t b e h a v i o r w h e n p a s s e d u n i n i t i a l i z e d c o n t e x t s t r u c t u r e s b r > ( # 8 3 7 6 6 ) b r > - b u i l d w i t h - m c p u = e v 5 o n a l p h a f a m i l y ( # 8 3 8 2 8 ) b r > b r > * W e d J a n 2 2 2 0 0 3 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 - 4 ] b r > - A d d e d I B M h w c r y p t o s u p p o r t p a t c h . b r > b r > * W e d J a n 1 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d m i s s i n g b u i l d d e p o n s e d b r > b r > [ 0 . 9 . 7 - 3 ] b r > - d e b l o a t b r > - f i x b r o k e n m a n p a g e s y m l i n k s b r > b r > [ 0 . 9 . 7 - 2 ] b r > - f i x d o u b l e - f r e e i n ' o p e n s s l c a ' b r > b r > [ 0 . 9 . 7 - 1 ] b r > - u p d a t e t o 0 . 9 . 7 f i n a l b r > b r > [ 0 . 9 . 7 - 0 ] b r > - u p d a t e t o 0 . 9 . 7 b e t a 6 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > * W e d D e c 1 1 2 0 0 2 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 7 b e t a 5 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > [ 0 . 9 . 6 b - 3 0 ] b r > - a d d c o n f i g u r a t i o n s t a n z a f o r x 8 6 _ 6 4 a n d u s e i t o n x 8 6 _ 6 4 b r > - b u i l d f o r l i n u x - p p c o n p p c b r > - s t a r t r u n n i n g t h e s e l f - t e s t s a g a i n b r > b r > [ 0 . 9 . 6 b - 2 9 h a m m e r . 3 ] b r > - M e r g e f i x e s f r o m p r e v i o u s h a m m e r p a c k a g e s , i n c l u d i n g g e n e r a l x 8 6 - 6 4 a n d b r > m u l t i l i b b r > b r > [ 0 . 9 . 6 b - 2 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 8 ] b r > - u p d a t e a s n p a t c h t o f i x a c c i d e n t a l r e v e r s a l o f a l o g i c c h e c k b r > b r > [ 0 . 9 . 6 b - 2 7 ] b r > - u p d a t e a s n p a t c h t o r e d u c e c h a n c e t h a t c o m p i l e r o p t i m i z a t i o n w i l l r e m o v e b r > o n e o f t h e a d d e d t e s t s b r > b r > [ 0 . 9 . 6 b - 2 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 5 ] b r > - a d d p a t c h t o f i x A S N . 1 v u l n e r a b i l i t i e s b r > b r > [ 0 . 9 . 6 b - 2 4 ] b r > - a d d b a c k p o r t o f B e n L a u r i e ' s p a t c h e s f o r O p e n S S L 0 . 9 . 6 d b r > b r > [ 0 . 9 . 6 b - 2 3 ] b r > - o w n { _ d a t a d i r } / s s l / m i s c b r > b r > * F r i J u n 2 1 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > * S u n M a y 2 6 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 0 ] b r > - f r e e r i d e t h r o u g h t h e b u i l d s y s t e m ( w h e e ! ) b r > b r > [ 0 . 9 . 6 b - 1 9 ] b r > - r e b u i l d i n n e w e n v i r o n m e n t b r > b r > [ 0 . 9 . 6 b - 1 7 , 0 . 9 . 6 b - 1 8 ] b r > - m e r g e R H L - s p e c i f i c b i t s i n t o s t r o n g h o l d p a c k a g e , r e n a m e b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 2 ] b r > - a d d s u p p o r t f o r C h r y s a l i s L u n a t o k e n b r > b r > * T u e M a r 2 6 2 0 0 2 G a r y B e n s o n g b e n s o n @ r e d h a t . c o m > b r > - d i s a b l e A E P r a n d o m n u m b e r g e n e r a t i o n , o t h e r A E P f i x e s b r > b r > [ 0 . 9 . 6 b - 1 5 ] b r > - o n l y b u i l d s u b p a c k a g e s o n p r i m a r y a r c h e s b r > b r > [ 0 . 9 . 6 b - 1 3 ] b r > - o n i a 3 2 , o n l y d i s a b l e u s e o f a s s e m b l e r o n i 3 8 6 b r > - e n a b l e a s s e m b l y o n i a 6 4 b r > b r > [ 0 . 9 . 6 b - 1 1 ] b r > - f i x s p a r c v 9 e n t r y b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 1 ] b r > - u p g r a d e t o 0 . 9 . 6 c b r > - b u m p B u i l d A r c h t o i 6 8 6 a n d e n a b l e a s s e m b l e r o n a l l p l a t f o r m s b r > - s y n c h r o n i s e w i t h s h r i m p y a n d r a w h i d e b r > - b u m p s o v e r s i o n t o 3 b r > b r > * W e d O c t 1 0 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - d e l e t e B N _ L L O N G f o r s 3 9 0 x , p a t c h f r o m O l i v e r P a u k s t a d t b r > b r > [ 0 . 9 . 6 b - 9 ] b r > - u p d a t e A E P d r i v e r p a t c h b r > b r > * M o n S e p 1 0 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t R N G d i s a b l i n g p a t c h t o m a t c h v e r s i o n o f p a t c h f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 8 ] b r > - d i s a b l e t h e R N G i n t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 7 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 6 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 5 ] b r > - u p d a t e u b s e c e n g i n e d r i v e r f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 4 ] b r > - m o v e m a n p a g e s b a c k t o % { _ m a n d i r } / m a n ? / f o o . ? s s l f r o m b r > % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > - a d d a n [ e n g i n e ] s e c t i o n t o t h e d e f a u l t c o n f i g u r a t i o n f i l e b r > b r > * T h u A u g 0 9 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a p a t c h f o r s e l e c t i n g a d e f a u l t e n g i n e i n S S L _ l i b r a r y _ i n i t ( ) b r > b r > [ 0 . 9 . 6 b - 3 ] b r > - a d d p a t c h e s f o r A E P h a r d w a r e s u p p o r t b r > - a d d p a t c h t o k e e p t r y i n g w h e n w e f a i l t o l o a d a c e r t f r o m a f i l e a n d b r > t h e r e a r e m o r e i n t h e f i l e b r > - a d d m i s s i n g p r o t o t y p e f o r E N G I N E _ u b s e c ( ) i n e n g i n e _ i n t . h b r > b r > [ 0 . 9 . 6 b - 2 ] b r > - a c t u a l l y a d d h w _ u b s e c t o t h e e n g i n e l i s t b r > b r > * T u e J u l 1 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d i n t h e h w _ u b s e c d r i v e r f r o m C V S b r > b r > [ 0 . 9 . 6 b - 1 ] b r > - u p d a t e t o 0 . 9 . 6 b b r > b r > * T h u J u l 0 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e . s o s y m l i n k s b a c k t o % { _ l i b d i r } b r > b r > * T u e J u l 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e s h a r e d l i b r a r i e s t o / l i b ( # 3 8 4 1 0 ) b r > b r > * M o n J u n 2 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s w i t c h t o e n g i n e c o d e b a s e b r > b r > * M o n J u n 1 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s c r i p t f o r c r e a t i n g d u m m y c e r t i f i c a t e s b r > - m o v e m a n p a g e s f r o m % { _ m a n d i r } / m a n ? / f o o . ? s s l t o % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > b r > * T h u J u n 0 7 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d s 3 9 0 x s u p p o r t b r > b r > * F r i J u n 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c h a n g e t w o m e m c p y ( ) c a l l s t o m e m m o v e ( ) b r > - d o n ' t d e f i n e L _ E N D I A N o n a l p h a b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 a - 1 ] b r > - A d d ' s t r o n g h o l d - ' p r e f i x t o p a c k a g e n a m e s . b r > - O b s o l e t e s t a n d a r d o p e n s s l p a c k a g e s . b r > b r > * W e d M a y 1 6 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - A d d B u i l d A r c h : i 5 8 6 a s p e r N a l i n ' s a d v i c e . b r > b r > * T u e M a y 1 5 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - E n a b l e a s s e m b l e r o n i x 8 6 ( u s i n g n e w . t a r . b z 2 w h i c h d o e s b r > i n c l u d e t h e a s m d i r e c t o r i e s ) . b r > b r > * T u e M a y 1 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u b p a c k a g e s d e p e n d o n t h e m a i n p a c k a g e b r > b r > * T u e M a y 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t t h e h o b b l e s c r i p t t o n o t d i s t u r b s y m l i n k s i n i n c l u d e / ( f i x f r o m b r > J o e O r t o n ) b r > b r > * F r i A p r 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d r o p t h e m 2 c r y p o p a t c h w e w e r e n ' t u s i n g b r > b r > * T u e A p r 2 4 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c o n f i g u r e u s i n g ' s h a r e d ' a s w e l l b r > b r > * S u n A p r 0 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 a b r > - u s e t h e b u i l d - s h a r e d t a r g e t t o b u i l d s h a r e d l i b r a r i e s b r > - b u m p t h e s o v e r s i o n t o 2 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h b r > o u r 0 . 9 . 5 a p a c k a g e s o r o u r 0 . 9 . 6 p a c k a g e s b r > - d r o p t h e p a t c h f o r m a k i n g r s a t e s t a n o - o p w h e n r s a n u l l s u p p o r t i s u s e d b r > - p u t a l l m a n p a g e s i n t o s e c t i o n > s s l i n s t e a d o f s e c t i o n > b r > - b r e a k t h e m 2 c r y p t o m o d u l e s i n t o a s e p a r a t e p a c k a g e b r > b r > * T u e M a r 1 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e B N _ L L O N G o n s 3 9 0 b r > b r > * M o n M a r 1 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e s 3 9 0 c h a n g e s f o r 0 . 9 . 6 ( i s n ' t s u p p o s e d t o b e m a r k e d a s 6 4 - b i t ) b r > b r > * S a t M a r 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e c _ r e h a s h t o t h e p e r l s u b p a c k a g e , b e c a u s e i t ' s a p e r l s c r i p t n o w b r > b r > * F r i M a r 0 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 b r > - e n a b l e M D 2 b r > - u s e t h e l i b c r y p t o . s o a n d l i b s s l . s o t a r g e t s t o b u i l d s h a r e d l i b s w i t h b r > - b u m p t h e s o v e r s i o n t o 1 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h a n y o f b r > t h e v a r i o u s 0 . 9 . 5 a p a c k a g e s c i r c u l a t i n g a r o u n d , w h i c h p r o v i d e l i b * . s o . 0 b r > b r > * W e d F e b 2 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - c h a n g e h o b b l e - o p e n s s l f o r d i s a b l i n g M D 2 a g a i n b r > b r > * T u e F e b 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - d i s a b l e M D 2 - - t h e E V P _ M D _ C T X s t r u c t u r e w o u l d g r o w f r o m 1 0 0 t o 1 5 2 b r > b y t e s o r s o , c a u s i n g E V P _ D i g e s t I n i t ( ) t o z e r o o u t s t a c k v a r i a b l e s i n b r > a p p s b u i l t a g a i n s t a v e r s i o n o f t h e l i b r a r y w i t h o u t i t b r > b r > * M o n F e b 2 6 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e s o m e i n l i n e a s s e m b l y , w h i c h o n x 8 6 i s P e n t i u m - s p e c i f i c b r > - r e - e n a b l e M D 2 ( s e e h t t p : / / w w w . i e t f . o r g / i e t f / I P R / R S A - M D - a l l ) b r > b r > * T h u F e b 0 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - f i x s 3 9 0 p a t c h b r > b r > * F r i D e c 0 8 2 0 0 0 T h a n N g o t h a n @ r e d h a t . c o m > b r > - a d d e d s u p p o r t s 3 9 0 b r > b r > * M o n N o v 2 0 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e - W a , * a n d - m * c o m p i l e r f l a g s f r o m t h e d e f a u l t C o n f i g u r e f i l e ( # 2 0 6 5 6 ) b r > - a d d t h e C A . p l m a n p a g e t o t h e p e r l s u b p a c k a g e b r > b r > * T h u N o v 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a l w a y s b u i l d w i t h - m c p u = e v 5 o n a l p h a b r > b r > * T u e O c t 3 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s y m l i n k f r o m c e r t . p e m t o c a - b u n d l e . c r t b r > b r > * W e d O c t 2 5 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a c a - b u n d l e f i l e f o r p a c k a g e s l i k e S a m b a t o r e f e r e n c e f o r C A c e r t i f i c a t e s b r > b r > * T u e O c t 2 4 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e l i b c r y p t o ' s c r y p t ( ) , w h i c h d o e s n ' t h a n d l e m d 5 c r y p t ( # 1 9 2 9 5 ) b r > b r > * M o n O c t 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d u n z i p a s a b u i l d p r e r e q ( # 1 7 6 6 2 ) b r > - u p d a t e m 2 c r y p t o t o 0 . 0 5 - s n a p 4 b r > b r > * T u e S e p 2 6 2 0 0 0 B i l l N o t t i n g h a m n o t t i n g @ r e d h a t . c o m > b r > - f i x s o m e i s s u e s i n b u i l d i n g w h e n i t ' s n o t i n s t a l l e d b r > b r > * W e d S e p 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u r e t h e h e a d e r s w e i n c l u d e a r e t h e o n e s w e b u i l t w i t h ( a a a a a r r g h ! ) b r > b r > * F r i S e p 0 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d R i c h a r d H e n d e r s o n ' s p a t c h f o r B N o n i a 6 4 b r > - c l e a n u p t h e c h a n g e l o g b r > b r > * T u e A u g 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e b u i l d i n g o f p y t h o n m o d u l e s w i t h o u t o p e n s s l - d e v e l a l r e a d y i n s t a l l e d b r > b r > * W e d A u g 2 3 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b y t e - c o m p i l e p y t h o n e x t e n s i o n s w i t h o u t t h e b u i l d - r o o t b r > - a d j u s t t h e m a k e f i l e t o n o t r e m o v e t e m p o r a r y f i l e s ( l i k e . k e y f i l e s w h e n b r > b u i l d i n g . c s r f i l e s ) b y m a r k i n g t h e m a s . P R E C I O U S b r > b r > * S a t A u g 1 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b r e a k o u t p y t h o n e x t e n s i o n s i n t o a s u b p a c k a g e b r > b r > * M o n J u l 1 7 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e m a k e f i l e s o m e m o r e b r > b r > * T u e J u l 1 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D 2 s u p p o r t b r > b r > * T h u J u l 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D C 2 s u p p o r t b r > b r > * S u n J u l 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e d i s a b l i n g o f R C 5 , I D E A s u p p o r t b r > - t w e a k t h e m a k e f i l e b r > b r > * T h u J u n 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s t r i p b i n a r i e s a n d l i b r a r i e s b r > - r e w o r k c e r t i f i c a t e m a k e f i l e t o h a v e t h e r i g h t p a r t s f o r A p a c h e b r > b r > * W e d J u n 2 8 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e % { _ p e r l } i n s t e a d o f / u s r / b i n / p e r l b r > - d i s a b l e a l p h a u n t i l i t p a s s e s i t s o w n t e s t s u i t e b r > b r > * F r i J u n 0 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e t h e p a s s w d . 1 m a n p a g e o u t o f t h e p a s s w d p a c k a g e ' s w a y b r > b r > * F r i J u n 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 5 a , m o d i f i e d f o r U . S . b r > - a d d p e r l a s a b u i l d - t i m e r e q u i r e m e n t b r > - m o v e c e r t i f i c a t e m a k e f i l e t o a n o t h e r p a c k a g e b r > - d i s a b l e R C 5 , I D E A , R S A s u p p o r t b r > - r e m o v e o p t i m i z a t i o n s f o r n o w b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - B e r o t o l d m e t o m o v e t h e M a k e f i l e i n t o t h i s p a c k a g e b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d l i b * . s o s y m l i n k s t o l i n k d y n a m i c a l l y a g a i n s t s h a r e d l i b s b r > b r > * T u e F e b 2 9 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - u p d a t e t o 0 . 9 . 5 b r > - r u n l d c o n f i g d i r e c t l y i n p o s t / p o s t u n b r > - a d d F A Q b r > b r > * S a t D e c 1 8 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - F i x b u i l d o n n o n - x 8 6 p l a t f o r m s b r > b r > * F r i N o v 1 2 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - m o v e / u s r / s h a r e / s s l / * f r o m - d e v e l t o m a i n p a c k a g e b r > b r > * T u e O c t 2 6 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - i n i t a l p a c k a g i n g b r > - c h a n g e s f r o m b a s e : b r > - M o v e / u s r / l o c a l / s s l t o / u s r / s h a r e / s s l f o r F H S c o m p l i a n c e b r > - h a n d l e R P M _ O P T _ F L A G S b r > o p e n s s l - 1 . 0 . 1 - b e t a 2 - r p m b u i l d . p a t c h b r > o p e n s s l - 0 . 9 . 8 a - n o - r p a t h . p a t c h / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 0 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 0 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 6 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 7 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 7 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 8 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 8 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 2 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 2 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 3 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 3 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . s r c . r p m / t d > t d > a 1 5 1 5 7 a e 5 1 c 4 9 6 a 0 f b b c e b f 3 e d 8 1 c 7 5 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 3 f e 4 0 1 6 a 2 0 6 1 6 3 0 9 f 3 6 1 8 9 5 e f f 1 a 6 b a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - d e v e l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 8 4 2 5 9 3 d f 2 9 4 e 9 b 4 a f 9 e c 8 9 e e a 2 c 3 e 7 c a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - p e r l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 d f b a e 8 9 0 b e 2 5 f f 1 4 c 3 e 7 a 2 6 f 5 0 5 8 a 3 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - s t a t i c - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > a e c b 3 b 5 9 b c c b a 0 e 8 f b a 2 b 6 2 e 4 3 c c 6 a b e / t d > t d > a h r e f = # > - / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "edition": 5, "reporter": "Oracle", "published": "2015-04-02T00:00:00", "title": "openssl-fips security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0166", "CVE-2012-2333", "CVE-2006-3738", "CVE-2009-1379", "CVE-2006-2940", "CVE-2006-2937", "CVE-2007-4995", "CVE-2011-4108", "CVE-2009-1377", "CVE-2013-0169", "CVE-2015-0286", "CVE-2013-6449", "CVE-2006-4343", "CVE-2003-0544", "CVE-2007-3108", "CVE-2003-0543", "CVE-2011-4576", "CVE-2003-0545", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-4339", "CVE-2004-0112", "CVE-2015-0288", "CVE-2009-4355", "CVE-2012-1165", "CVE-2011-4577", "CVE-2014-0224", "CVE-2010-0742", "CVE-2008-0891", "CVE-2004-0975", "CVE-2011-4619", "CVE-2003-0131", "CVE-2004-0079", "CVE-2007-5135", "CVE-2011-0014", "CVE-2009-1378", "CVE-2014-3470", "CVE-2012-4929", "CVE-2013-6450", "CVE-2012-0050", "CVE-2009-3555", "CVE-2010-1633", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4353", "CVE-2008-1672", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2012-2110", "CVE-2012-0884", "CVE-2010-3864", "CVE-2005-0109", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2015-0292", "CVE-2003-0078", "CVE-2003-0147", "CVE-2014-0221"], "modified": "2015-04-02T00:00:00", "id": "ELSA-2015-3022", "href": "http://linux.oracle.com/errata/ELSA-2015-3022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "aix": [{"lastseen": "2018-08-31T00:08:37", "aixFileset": [{"productVersions": ["any"], "versionGte": "12.9.8.0", "fileset": "openssl.base", "versionLte": "12.9.8.1800", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "0.9.8.0", "fileset": "openssl.base", "versionLte": "0.9.8.1800", "productName": "aix"}], "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Mar 21 13:02:49 CDT 2012\n|Updated: Thu Mar 22 09:06:21 CDT 2012\n|Added VIOS release reference \n|Updated: Tue Jun 5 11:06:56 CDT 2012\n|Corrected FIPS version\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc\nor\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc\n\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Multiple OpenSSL vulnerabilities \n\nPLATFORMS: AIX 5.3, 6.1, 7.1, and earlier releases\n| VIOS 2.X and 1.5.2\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: See below\n\nCVE Numbers: CVE-2011-4108\n CVE-2011-4109\n CVE-2011-4576\n CVE-2011-4619\n CVE-2012-0050\n\n DETAILED INFORMATION\n\nI. DESCRIPTION (from cve.mitre.org)\n\n The DTLS implementation in OpenSSL before 0.9.8s and 1.x before \n 1.0.0f performs a MAC check only if certain padding is valid, which \n makes it easier for remote attackers to recover plaintext via a \n padding oracle attack. \n\n Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when \n X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have \n an unspecified impact by triggering failure of a policy check. \n\n The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before \n 1.0.0f does not properly initialize data structures for block cipher \n padding, which might allow remote attackers to obtain sensitive \n information by decrypting the padding data sent by an SSL peer. \n\n The Server Gated Cryptography (SGC) implementation in OpenSSL before \n 0.9.8s and 1.x before 1.0.0f does not properly handle handshake \n restarts, which allows remote attackers to cause a denial of service \n via unspecified vectors. \n\n OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, \n which allows remote attackers to cause a denial of service via \n unspecified vectors. NOTE: this vulnerability exists because of an \n incorrect fix for CVE-2011-4108. \n\n Please see the following for more information:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050\n\nII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n\n On VIO Server:\n\n oem_setup_env\n lslpp -L openssl.base\n\n The following fileset levels are vulnerable:\n\n AIX 7.1, 6.1, 5.3: all versions less than or equal 0.9.8.1800\n| AIX 7.1, 6.1, 5.3: FIPS capable versions less than or equal 12.9.8.1800\n AIX 5.2: all versions less than or equal 0.9.8.808\n| VIOS 2.X, 1.5.2: all versions less than or equal 0.9.8.1800\n\n IMPORTANT: If AIX OpenSSH is in use, it must be updated to version\n OpenSSH 5.0 or later, depending on the OpenSSL version according to\n following compatibility matrix:\n\n AIX OpenSSL OpenSSH\n ------------------------------------------------------------------\n 5.2 OpenSSL 0.9.8.80x OpenSSH 5.0\n 5.3,6.1,7.1 OpenSSL 0.9.8.18xx OpenSSH 5.8.0.61xx\n 5.3,6.1,7.1 OpenSSL-fips 12.9.8.18xx OpenSSH 5.8.0.61xx\n\n| VIOS OpenSSL OpenSSH\n| ------------------------------------------------------------------\n| 2.X,1.5.2 OpenSSL 0.9.8.18x OpenSSH 5.8.0.61xx\n\n AIX OpenSSH can be downloaded from:\n\n OpenSSH 5.0:\n http://sourceforge.net/projects/openssh-aix\n OpenSSH 5.8.0.61xx\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\nIII. FIXES\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n zcat openssl.0.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl-fips.12.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl.0.9.8.809.tar.Z | tar xvf -\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n\nIV. WORKAROUNDS\n\n There are no workarounds.\n\nV. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n C. Download the key from a PGP Public Key Server. The key ID is:\n\n\t 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (AIX)\n\niD8DBQFPzjky4fmd+Ci/qhIRAkaeAJ0blLzpoOJFKL6imKaREA/ZgB8hZQCgmjsm\nEVo11PKqS3djvRCmgvJPiaY=\n=zvSX\n-----END PGP SIGNATURE-----\n", "edition": 3, "reporter": "CentOS Project", "published": "2012-03-21T13:02:49", "title": "Multiple OpenSSL vulnerabilities", "type": "aix", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "aix": {"apars": []}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2012-06-05T11:06:56", "id": "OPENSSL_ADVISORY3.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-11-09T00:09:57", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "reporter": "f5", "published": "2014-07-17T00:00:00", "title": "SOL15417 - OpenSSL vulnerability CVE-2012-0050", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "modified": "2014-08-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15417.html", "id": "SOL15417", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:05", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "reporter": "f5", "published": "2014-07-17T00:00:00", "title": "SOL15427 - OpenSSL vulnerability CVE-2011-4354", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-4354"], "modified": "2014-07-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15427.html", "id": "SOL15427", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-03-19T09:02:01", "references": ["https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10322.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/6000/600/sol6664.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3430.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "reporter": "f5", "published": "2014-08-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SOL15460 - OpenSSL Vulnerability CVE-2011-4109", "type": "f5", "bulletinFamily": "software", "cvelist": ["CVE-2011-4109"], "modified": "2014-08-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html", "id": "SOL15460", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:08", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/8000/800/sol8802.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4949.html"], "edition": 1, "description": "****\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**Note**: SGC certificates are considered obsolete and are typically used only to support 128-bit SSL in browsers released before the year 2000.\n\n**BIG-IP 11.x**\n\nTo mitigate this vulnerability on virtual servers, you can configure your SSL profile to use the NATIVE cipher suite. To do so, refer to SOL13171 referenced in the **Supplemental Information** section below. You may also avoid using SGC Certificates.\n\nTo mitigate this vulnerability in the BIG-IP Configuration utility you can avoid using SGC certificates.\n\n**BIG-IP 10.x**\n\nTo mitigate this vulnerability on virtual servers, you can configure your SSL profile to use the NATIVE cipher suite. To do so, refer to SOL7815 referenced in the **Supplemental Information** section below. You may also avoid using SGC Certificates.\n\nTo mitigate this vulnerability in the BIG-IP Configuration utility you can avoid using SGC certificates.\n\n**Enterprise Manager \n**\n\nTo mitigate this vulnerability in the Enterprise Manger Configuration utility you can avoid using SGC certificates.\n\n**ARX**\n\nTo mitigate this vulnerability in the ARX GUI you can avoid using SGC certificates.\n\nSupplemental Information\n\n * SOL4949: Configuring BIG-IP LTM to use a Step-Up or Server Gated Cryptography (SGC) certificate\n * SOL8802: Using SSL ciphers with BIG-IP Client SSL and Server SSL profiles\n * SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2014-08-13T00:00:00", "title": "SOL15461 - OpenSSL vulnerability CVE-2011-4619", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "11.0.0 - 11.1.0\n 10.1.0 - 10.2.4\n", "version": "11.3.0", "operator": "le"}, {"name": "11.0.0 - 11.1.0\n 10.0.0 - 10.2.4", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.1.0", "operator": "le"}, {"name": "11.0.0 - 11.1.0\n 10.0.0 - 10.2.4\n", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "11.0.0 - 11.1.0\n 10.1.0 - 10.2.4\n", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP Edge Gateway\n", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "Enterprise Manager", "version": "2.3.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.4.1", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.0.0", "operator": "le"}, {"name": "11.0.0 - 11.1.0\n 10.0.0 - 10.2.4\n", "version": "11.3.0", "operator": "le"}, {"name": "11.0.0 - 11.1.0\n 10.0.0 - 10.2.4\n", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP Edge Gateway\n", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.1.0", "operator": "le"}, {"name": "11.0.0 - 11.1.0\n 10.0.0 - 10.2.4\n", "version": "11.5.1", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.4.1", "operator": "le"}, {"name": "11.0.0 - 11.1.0\n", "version": "11.5.1", "operator": "le"}], "cvelist": ["CVE-2011-4619"], "modified": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html", "id": "SOL15461", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:55", "references": ["https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10322.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/6000/600/sol6664.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3430.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "reporter": "f5", "published": "2014-07-16T00:00:00", "title": "SOL15389 - OpenSSL vulnerability CVE-2011-4576", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ARX", "version": "6.4.0", "operator": "le"}], "cvelist": ["CVE-2011-4576"], "modified": "2014-08-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html", "id": "SOL15389", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:56", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2014-07-16T00:00:00", "title": "SOL15395 - OpenSSL vulnerability CVE-2012-0027", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-0027"], "modified": "2014-07-24T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html", "id": "SOL15395", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:04", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/8000/800/sol8802.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**BIG-IP 11.x**\n\nTo mitigate this vulnerability, you can configure your Secure Socket Layer (SSL) profile to use the NATIVE cipher suite. To do so, refer to SOL13171: Configuring the cipher strength for SSL profiles (11.x). \n\n\n**BIG-IP 10.x**\n\nTo mitigate this vulnerability, you can configure your SSL profile to use the NATIVE cipher suite. To do so, refer to SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x).\n\nSupplemental Information\n\n * SOL8802: Using SSL ciphers with BIG-IP Client SSL and Server SSL profiles\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2014-07-17T00:00:00", "title": "SOL15388 - OpenSSL vulnerability CVE-2011-4108", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP PSM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway\n", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "Enterprise Manager", "version": "2.3.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.0.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway\n", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.3.0", "operator": "le"}], "cvelist": ["CVE-2011-4108"], "modified": "2014-08-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html", "id": "SOL15388", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2016-09-03T15:52:29", "references": ["http://eprint.iacr.org/2011/633", "http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest", "http://openwall.com/lists/oss-security/2011/12/01/6", "http://marc.info/?t=119271238800004", "http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21", "http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip", "http://www.debian.org/security/2012/dsa-2390", "https://bugzilla.redhat.com/show_bug.cgi?id=757909"], "edition": 1, "description": "crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.", "reporter": "NVD", "published": "2012-01-26T19:55:01", "type": "cve", "title": "CVE-2011-4354", "enchantments": {"score": {"modified": "2016-09-03T15:52:29", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-4354"], "scanner": [], "cpe": ["cpe:/a:openssl:openssl:0.9.5:beta1:~~~~x86~", "cpe:/a:openssl:openssl:0.9.6:beta2:~~~~x86~", "cpe:/a:openssl:openssl:0.9.5a::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7f::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7:beta5:~~~~x86~", "cpe:/a:openssl:openssl:0.9.6:beta3:~~~~x86~", "cpe:/a:openssl:openssl:0.9.6f::~~~~x86~", "cpe:/a:openssl:openssl:0.9.8f::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7:beta4:~~~~x86~", "cpe:/a:openssl:openssl:0.9.4::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6a:beta3:~~~~x86~", "cpe:/a:openssl:openssl:0.9.6c::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6b::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7:beta2:~~~~x86~", "cpe:/a:openssl:openssl:0.9.7m::~~~~x86~", "cpe:/a:openssl:openssl:0.9.8a::~~~~x86~", "cpe:/a:openssl:openssl:0.9.5a:beta1:~~~~x86~", "cpe:/a:openssl:openssl:0.9.7a::~~~~x86~", "cpe:/a:openssl:openssl:0.9.3::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6a::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6d::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6h::~~~~x86~", "cpe:/a:openssl:openssl:0.9.3a::~~~~x86~", "cpe:/a:openssl:openssl:0.9.8d::~~~~x86~", "cpe:/a:openssl:openssl:0.9.8g::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6k::~~~~x86~", "cpe:/a:openssl:openssl:0.9.8c::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7i::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6m::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6a:beta1:~~~~x86~", "cpe:/a:openssl:openssl:0.9.8b::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7b::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7c::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6g::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7k::~~~~x86~", "cpe:/a:openssl:openssl:0.9.8e::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7:beta1:~~~~x86~", "cpe:/a:openssl:openssl:0.9.8::~~~~x86~", "cpe:/a:openssl:openssl:0.9.5a:beta2:~~~~x86~", "cpe:/a:openssl:openssl:0.9.5::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7h::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6e::~~~~x86~", "cpe:/a:openssl:openssl:0.9.1c::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6a:beta2:~~~~x86~", "cpe:/a:openssl:openssl:0.9.7:beta6:~~~~x86~", "cpe:/a:openssl:openssl:0.9.7j::~~~~x86~", "cpe:/a:openssl:openssl:0.9.2b::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6j::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7d::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6i::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7l::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7:beta3:~~~~x86~", "cpe:/a:openssl:openssl:0.9.6:beta1:~~~~x86~", "cpe:/a:openssl:openssl:0.9.5:beta2:~~~~x86~", "cpe:/a:openssl:openssl:0.9.7g::~~~~x86~", "cpe:/a:openssl:openssl:0.9.7e::~~~~x86~", "cpe:/a:openssl:openssl:0.9.6l::~~~~x86~"], "modified": "2012-11-06T00:03:37", "id": "CVE-2011-4354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4354", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T15:54:59", "references": ["http://support.apple.com/kb/HT5784", "http://rhn.redhat.com/errata/RHSA-2012-1306.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html", "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html", "http://www.kb.cert.org/vuls/id/737740", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "http://rhn.redhat.com/errata/RHSA-2012-1307.html", "http://marc.info/?l=bugtraq&m=132750648501816&w=2", "http://www.openssl.org/news/secadv_20120104.txt", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007", "http://marc.info/?l=bugtraq&m=133951357207000&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html", "http://marc.info/?l=bugtraq&m=134039053214295&w=2", "http://rhn.redhat.com/errata/RHSA-2012-1308.html", "http://www.debian.org/security/2012/dsa-2390"], "edition": 1, "description": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.", "reporter": "NVD", "published": "2012-01-05T20:55:00", "title": "CVE-2011-4576", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:54:59", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-4576"], "scanner": [], "cpe": ["cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:1.0.0:beta3", "cpe:/a:openssl:openssl:1.0.0:beta1", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:1.0.0:beta4", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:0.9.6h:bogus", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:1.0.0:beta2", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:1.0.0:beta5", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.8p"], "modified": "2016-08-22T22:04:39", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576", "id": "CVE-2011-4576", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-03T15:55:36", "references": ["http://support.apple.com/kb/HT5784", "http://rhn.redhat.com/errata/RHSA-2012-1306.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html", "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html", "http://www.kb.cert.org/vuls/id/737740", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "http://rhn.redhat.com/errata/RHSA-2012-1307.html", "http://marc.info/?l=bugtraq&m=132750648501816&w=2", "http://www.openssl.org/news/secadv_20120104.txt", "http://marc.info/?l=bugtraq&m=133728068926468&w=2", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007", "http://marc.info/?l=bugtraq&m=133951357207000&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html", "http://marc.info/?l=bugtraq&m=134039053214295&w=2", "http://rhn.redhat.com/errata/RHSA-2012-1308.html", "http://www.debian.org/security/2012/dsa-2390"], "edition": 1, "description": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.", "reporter": "NVD", "published": "2012-01-05T20:55:01", "title": "CVE-2011-4619", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:55:36", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-4619"], "scanner": [], "cpe": ["cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:1.0.0:beta3", "cpe:/a:openssl:openssl:1.0.0:beta1", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:1.0.0:beta4", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:0.9.6h:bogus", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:1.0.0:beta2", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:1.0.0:beta5", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.8p"], "modified": "2016-08-22T22:04:40", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619", "id": "CVE-2011-4619", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T15:49:32", "references": ["http://support.apple.com/kb/HT5784", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2012-1306.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html", "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html", "http://www.kb.cert.org/vuls/id/737740", "http://www.isg.rhul.ac.uk/~kp/dtls.pdf", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "http://rhn.redhat.com/errata/RHSA-2012-1307.html", "http://marc.info/?l=bugtraq&m=132750648501816&w=2", "http://www.openssl.org/news/secadv_20120104.txt", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006", "https://securityadvisories.paloaltonetworks.com/Home/Detail/17", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007", "http://marc.info/?l=bugtraq&m=133951357207000&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html", "http://marc.info/?l=bugtraq&m=134039053214295&w=2", "http://rhn.redhat.com/errata/RHSA-2012-1308.html", "http://www.debian.org/security/2012/dsa-2390"], "edition": 1, "description": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.", "reporter": "NVD", "published": "2012-01-05T20:55:00", "title": "CVE-2011-4108", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:49:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-4108"], "scanner": [], "cpe": ["cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:1.0.0:beta3", "cpe:/a:openssl:openssl:1.0.0:beta1", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:1.0.0:beta4", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:0.9.6h:bogus", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:1.0.0:beta2", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:1.0.0:beta5", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.8p"], "modified": "2016-08-22T22:04:34", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108", "id": "CVE-2011-4108", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-08-29T11:19:48", "references": ["http://support.apple.com/kb/HT5784", "http://rhn.redhat.com/errata/RHSA-2012-1306.html", "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html", "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "http://www.kb.cert.org/vuls/id/737740", "http://rhn.redhat.com/errata/RHSA-2012-1307.html", "http://marc.info/?l=bugtraq&m=132750648501816&w=2", "http://www.openssl.org/news/secadv_20120104.txt", "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007", "http://marc.info/?l=bugtraq&m=134039053214295&w=2", "http://rhn.redhat.com/errata/RHSA-2012-1308.html", "http://www.debian.org/security/2012/dsa-2390"], "description": "Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.", "edition": 2, "reporter": "NVD", "published": "2012-01-05T20:55:00", "title": "CVE-2011-4109", "type": "cve", "enchantments": {"score": {"modified": "2017-08-29T11:19:48", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-4109"], "scanner": [], "modified": "2017-08-28T21:30:27", "cpe": ["cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2011-4109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4109", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T16:05:15", "references": ["http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "http://www.openssl.org/news/secadv_20120104.txt", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"], "edition": 1, "description": "The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.", "reporter": "NVD", "published": "2012-01-05T20:55:01", "title": "CVE-2012-0027", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T16:05:15", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-0027"], "scanner": [], "modified": "2014-03-26T00:27:05", "cpe": ["cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:1.0.0:beta3", "cpe:/a:openssl:openssl:1.0.0:beta1", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:1.0.0:beta4", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:0.9.6h:bogus", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:1.0.0:beta2", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:1.0.0:beta5", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2012-0027", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0027", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T16:05:33", "references": ["http://support.apple.com/kb/HT5784", "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "http://www.securitytracker.com/id?1026548", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:011", "http://www.debian.org/security/2012/dsa-2392", "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289", "http://marc.info/?l=bugtraq&m=133951357207000&w=2", "http://marc.info/?l=bugtraq&m=134039053214295&w=2", "http://www.openssl.org/news/secadv_20120118.txt", "http://www.securityfocus.com/bid/51563"], "description": "OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.", "edition": 1, "reporter": "NVD", "published": "2012-01-19T14:55:01", "type": "cve", "title": "CVE-2012-0050", "enchantments": {"score": {"modified": "2016-09-03T16:05:33", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-0050"], "scanner": [], "cpe": ["cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0f"], "modified": "2016-08-22T22:04:49", "id": "CVE-2012-0050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0050", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:11", "references": ["http://openssl.org/news/secadv_20120104.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.0_8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}], "description": "\nThe OpenSSL Team reports:\n\n6 security flaws have been fixed in OpenSSL 1.0.0f:\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8,\n\t then a policy check failure can lead to a double-free.\nOpenSSL prior to 1.0.0f and 0.9.8s failed to clear the\n\t bytes used as block cipher padding in SSL 3.0 records.\n\t As a result, in each record, up to 15 bytes of\n\t uninitialized memory may be sent, encrypted, to the SSL\n\t peer. This could include sensitive contents of\n\t previously freed memory.\nRFC 3779 data can be included in certificates, and if\n\t it is malformed, may trigger an assertion failure.\n\t This could be used in a denial-of-service attack.\nSupport for handshake restarts for server gated\n\t cryptograpy (SGC) can be used in a denial-of-service\n\t attack.\nA malicious TLS client can send an invalid set of GOST\n\t parameters which will cause the server to crash due to\n\t lack of error checking. This could be used in a\n\t denial-of-service attack.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2012-01-04T00:00:00", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2011-4109"], "modified": "2012-01-04T00:00:00", "id": "78CC8A46-3E56-11E1-89B4-001EC9578670", "href": "https://vuxml.freebsd.org/freebsd/78cc8a46-3e56-11e1-89b4-001ec9578670.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:15:06", "references": [], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.4_8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}], "description": "\nProblem description:\n\nOpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0\n\t records when operating as a client or a server that accept SSL 3.0\n\t handshakes. As a result, in each record, up to 15 bytes of uninitialized\n\t memory may be sent, encrypted, to the SSL peer. This could include\n\t sensitive contents of previously freed memory. [CVE-2011-4576]\nOpenSSL support for handshake restarts for server gated cryptography (SGC)\n\t can be used in a denial-of-service attack. [CVE-2011-4619]\nIf an application uses OpenSSL's certificate policy checking when\n\t verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK\n\t flag, a policy check failure can lead to a double-free. [CVE-2011-4109]\nA weakness in the OpenSSL PKCS #7 code can be exploited using\n\t Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the\n\t million message attack (MMA). [CVE-2012-0884]\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp\n\t functions, in OpenSSL contains multiple integer errors that can cause\n\t memory corruption when parsing encoded ASN.1 data. This error can occur\n\t on systems that parse untrusted ASN.1 data, such as X.509 certificates\n\t or RSA public keys. [CVE-2012-2110]\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2012-05-03T00:00:00", "title": "FreeBSD -- OpenSSL multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4576", "CVE-2011-4619", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-4109"], "modified": "2012-05-03T00:00:00", "id": "2AE114DE-C064-11E1-B5E0-000C299B62E1", "href": "https://vuxml.freebsd.org/freebsd/2ae114de-c064-11e1-b5e0-000c299b62e1.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:15:11", "references": ["http://www.openssl.org/news/secadv_20120118.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.0_9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}], "description": "\nThe OpenSSL Team reports:\n\nA flaw in the fix to CVE-2011-4108 can be exploited in a\n\t denial of service attack. Only DTLS applications using OpenSSL\n\t 1.0.0f and 0.9.8s are affected.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2012-01-18T00:00:00", "title": "OpenSSL -- DTLS Denial of Service", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0050"], "modified": "2012-01-18T00:00:00", "id": "5C5F19CE-43AF-11E1-89B4-001EC9578670", "href": "https://vuxml.freebsd.org/freebsd/5c5f19ce-43af-11e1-89b4-001ec9578670.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:32", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108", "https://bugs.gentoo.org/show_bug.cgi?id=397695", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050 ", "https://bugs.gentoo.org/show_bug.cgi?id=399365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.0g", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/openssl", "operator": "lt"}], "edition": 1, "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n * Timing differences for decryption are exposed by CBC mode encryption in OpenSSL\u2019s implementation of DTLS (CVE-2011-4108). \n * A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109). \n * Clients and servers using SSL 3.0 handshakes do not clear the block cipher padding, allowing a record to contain up to 15 bytes of uninitialized memory, which could include sensitive information (CVE-2011-4576). \n * Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577). \n * A resource management error can occur when OpenSSL\u2019s server gated cryptography (SGC) does not properly handle handshake restarts (CVE-2011-4619). \n * Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027). \n * An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service or obtain sensitive information, including plaintext passwords. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.0g\"", "reporter": "Gentoo Foundation", "published": "2012-03-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2015-06-06T00:00:00", "id": "GLSA-201203-12", "href": "https://security.gentoo.org/glsa/201203-12", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:26", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0060.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-0.9.8e-20.el5_7.1.0.1.centos.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm", "packageName": "openssl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-0.9.8e-20.el5_7.1.0.1.centos.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-0.9.8e-20.el5_7.1.0.1.centos.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm", "packageName": "openssl-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-0.9.8e-20.el5_7.1.0.1.centos.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.0.1.centos.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1.0.1.centos", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "packageFilename": "openssl-0.9.8e-20.el5_7.1.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0060\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018421.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018391.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018392.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0060.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-01-24T16:54:22", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "openssl security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4109"], "modified": "2012-02-07T07:39:01", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018391.html", "id": "CESA-2012:0060", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:55", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0059.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "any", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0059\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018396.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0059.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-01-30T15:25:59", "title": "openssl security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2012-01-30T15:25:59", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018396.html", "id": "CESA-2012:0059", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-03T18:27:03", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0086.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i586", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.i586.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-0.9.7a-43.18.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.7a-43.18.el4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.7a-43.18.el4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i586", "packageName": "openssl", "packageFilename": "openssl-0.9.7a-43.18.el4.i586.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i586", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.i586.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "any", "packageName": "openssl", "packageFilename": "openssl-0.9.7a-43.18.el4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageName": "openssl", "packageFilename": "openssl-0.9.7a-43.18.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0086\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018412.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0086.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-02-01T17:15:00", "title": "openssl security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4576", "CVE-2011-4619"], "modified": "2012-02-01T17:15:00", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/018412.html", "id": "CESA-2012:0086", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-03T18:25:12", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0426.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "any", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-22.el5_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "any", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0426\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL parsed\nSecure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker\ncould use this flaw to crash an application that uses OpenSSL to decrypt or\nverify S/MIME messages. (CVE-2012-1165)\n\nA flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)\nimplementations in OpenSSL. An attacker could possibly use this flaw to\nperform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or\nS/MIME message by sending a large number of chosen ciphertext messages to\na service using OpenSSL and measuring error response times. (CVE-2012-0884)\n\nThis update also fixes a regression caused by the fix for CVE-2011-4619,\nreleased via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated\nCryptography (SGC) handshakes to fail.\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/018528.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/018530.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0426.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-03-27T20:47:32", "title": "openssl security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1165", "CVE-2011-4619", "CVE-2012-0884"], "modified": "2012-03-27T21:11:59", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/018528.html", "id": "CESA-2012:0426", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:43:37", "references": ["https://bugzilla.novell.com/739719"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-32bit-1.0.0c-18.23.1.x86_64.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-1.0.0-6.13.1.i586.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-1.0.0c-18.23.1.x86_64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-1.0.0c-18.23.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-32bit-1.0.0-6.13.1.x86_64.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "x86_64", "packageFilename": "openssl-1.0.0-6.13.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "noarch", "packageFilename": "openssl-doc-1.0.0c-18.23.1.noarch.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-1.0.0c-18.23.1.i586.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "i586", "packageFilename": "openssl-1.0.0-6.13.1.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "i586", "packageFilename": "openssl-1.0.0c-18.23.1.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-1.0.0-6.13.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "x86_64", "packageFilename": "openssl-1.0.0c-18.23.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "i586", "packageFilename": "libopenssl-devel-1.0.0-6.13.1.i586.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0c-18.23.1", "arch": "i586", "packageFilename": "libopenssl-devel-1.0.0c-18.23.1.i586.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "noarch", "packageFilename": "openssl-doc-1.0.0-6.13.1.noarch.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.0.0-6.13.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-1.0.0-6.13.1.x86_64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}], "description": "Various security vulnerabilities have been fixed in openssl:\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n - malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577)\n - SGC restart DoS attack (CVE-2011-4619)\n - invalid GOST parameters DoS attack (CVE-2012-0027)\n\n", "edition": 1, "reporter": "Suse", "published": "2012-01-16T17:08:14", "title": "openssl: fixing various security issues (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2012-01-16T17:08:14", "id": "OPENSUSE-SU-2012:0083-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00041.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-04T11:28:40", "references": ["http://download.novell.com/patch/finder/?keywords=00effca53ebc7841a642ba4e7eeaa0b9", "https://bugzilla.novell.com/739719", "http://download.novell.com/patch/finder/?keywords=16f27ddd5506ebb38dc0015501b071d9"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.56.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.26.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.56.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.56.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel-64bit", "packageFilename": "openssl-devel-64bit-0.9.8a-18.56.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-32bit", "packageFilename": "openssl-32bit-0.9.8a-18.56.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.56.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel-32bit", "packageFilename": "openssl-devel-32bit-0.9.8a-18.56.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-x86", "packageFilename": "openssl-x86-0.9.8a-18.56.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8-x86", "packageFilename": "libopenssl0_9_8-x86-0.9.8j-0.26.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.56.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-64bit", "packageFilename": "openssl-64bit-0.9.8a-18.56.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.26.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.56.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.26.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.56.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel-32bit", "packageFilename": "openssl-devel-32bit-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.56.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.26.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-32bit", "packageFilename": "openssl-32bit-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.26.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.26.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel-32bit", "packageFilename": "openssl-devel-32bit-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.56.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.56.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-32bit", "packageFilename": "openssl-32bit-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.26.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.56.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.26.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.56.3", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.56.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.26.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.26.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.26.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}], "description": "Various security vulnerabilities have been fixed in OpenSSL:\n\n * DTLS plaintext recovery attack (CVE-2011-4108)\n * double-free in Policy Checks (CVE-2011-4109)\n * uninitialized SSL 3.0 padding (CVE-2011-4576)\n * malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577)\n * SGC restart DoS attack (CVE-2011-4619)\n", "edition": 1, "reporter": "Suse", "published": "2012-01-16T17:08:28", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for OpenSSL (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2011-4109"], "modified": "2012-01-16T17:08:28", "id": "SUSE-SU-2012:0084-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00042.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:31:56", "references": ["https://bugzilla.novell.com/749210", "https://bugzilla.novell.com/748738", "https://bugzilla.novell.com/758060", "https://bugzilla.novell.com/742821", "https://bugzilla.novell.com/749213", "https://bugzilla.novell.com/739719", "https://bugzilla.novell.com/761838", "http://download.novell.com/patch/finder/?keywords=615504b4f83955616ed79d66c69aaaae", "https://bugzilla.novell.com/749735", "https://bugzilla.novell.com/751946"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.45.63.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.45.63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.45.63.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.45.63.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8a-18.45.63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.45.63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.45.63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8a-18.45.63.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-32bit", "packageFilename": "openssl-32bit-0.9.8a-18.45.63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-32bit", "packageFilename": "openssl-32bit-0.9.8a-18.45.63.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-devel-32bit", "packageFilename": "openssl-devel-32bit-0.9.8a-18.45.63.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-devel-32bit", "packageFilename": "openssl-devel-32bit-0.9.8a-18.45.63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.63.1", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8a-18.45.63.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This update of openssl fixes the following security issues:\n\n * Denial of Service or crash via CBC mode handling.\n (CVE-2012-2333\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333</a>\n &gt; )\n * Incorrect integer conversions that could result in\n memory corruption. (CVE-2012-2110\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110</a>\n &gt; , CVE-2012-2131\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131</a>\n &gt; )\n * Potential memory leak in multithreaded key creation.\n * Symmetric crypto errors in PKCS7_decrypt.\n * Free headers after use in error message.\n * S/MIME verification may erroneously fail.\n * Tolerating bad MIME headers in ANS.1 parser.\n (CVE-2012-1165\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165</a>\n &gt; , CVE-2006-7250\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250</a>\n &gt; )\n * DTLS DoS Attack. (CVE-2012-0050\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050</a>\n &gt; )\n * DTLS Plaintext Recovery Attack. (CVE-2011-4108\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108</a>\n &gt; )\n * Double-free in Policy Checks. (CVE-2011-4109\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109</a>\n &gt; )\n * Uninitialized SSL 3.0 Padding. (CVE-2011-4576\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576</a>\n &gt; )\n * SGC Restart DoS Attack. (CVE-2011-4619\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619</a>\n &gt; )\n\n\n", "edition": 1, "reporter": "Suse", "published": "2012-05-30T23:08:17", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for openssl (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2333", "CVE-2012-2131", "CVE-2011-4108", "CVE-2006-7250", "CVE-2011-4576", "CVE-2012-1165", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-2110", "CVE-2011-4109"], "modified": "2012-05-30T23:08:17", "id": "SUSE-SU-2012:0674-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00018.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:35:28", "references": ["https://bugzilla.novell.com/459468", "http://download.suse.com/patch/finder/?keywords=cf56900ecd68d8b418e857ef2c7b6136", "https://bugzilla.novell.com/880891", "https://bugzilla.novell.com/489641"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "x86_64", "packageFilename": "openssl-doc-0.9.7d-15.50.x86_64.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406041231", "arch": "x86_64", "packageFilename": "openssl-devel-32bit-9-201406041231.x86_64.rpm", "packageName": "openssl-devel-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390", "packageFilename": "openssl-0.9.7d-15.50.s390.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406060130", "arch": "s390x", "packageFilename": "openssl-32bit-9-201406060130.s390x.rpm", "packageName": "openssl-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406041231", "arch": "x86_64", "packageFilename": "openssl-32bit-9-201406041231.x86_64.rpm", "packageName": "openssl-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "i586", "packageFilename": "openssl-devel-0.9.7d-15.50.i586.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390", "packageFilename": "openssl-doc-0.9.7d-15.50.s390.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406060130", "arch": "s390x", "packageFilename": "openssl-devel-32bit-9-201406060130.s390x.rpm", "packageName": "openssl-devel-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "i586", "packageFilename": "openssl-doc-0.9.7d-15.50.i586.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390x", "packageFilename": "openssl-doc-0.9.7d-15.50.s390x.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390x", "packageFilename": "openssl-0.9.7d-15.50.s390x.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390x", "packageFilename": "openssl-devel-0.9.7d-15.50.s390x.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "x86_64", "packageFilename": "openssl-0.9.7d-15.50.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390", "packageFilename": "openssl-devel-0.9.7d-15.50.s390.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "i586", "packageFilename": "openssl-0.9.7d-15.50.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.7d-15.50.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}], "description": "OpenSSL was updated to fix the following security vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * ECC private key can leak on 32 bit platforms. (CVE-2011-4354)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>&gt; .\n\n Security Issues references:\n\n * CVE-2014-0224\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>&gt;\n * CVE-2011-4354\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354</a>&gt;\n\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-07T00:04:15", "title": "Security update for OpenSSL (critical)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2011-4354"], "modified": "2014-06-07T00:04:15", "id": "SUSE-SU-2014:0768-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00011.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:38:49", "references": ["https://bugzilla.novell.com/865993", "https://bugzilla.novell.com/821818", "https://bugzilla.novell.com/754223", "https://bugzilla.novell.com/739898", "https://bugzilla.novell.com/554084", "http://download.novell.com/patch/finder/?keywords=3be1f1e8cc06d24d3e6d4ba2c4abdea4", "https://bugzilla.novell.com/753301", "https://bugzilla.novell.com/536809", "https://bugzilla.novell.com/865804", "https://bugzilla.novell.com/802651", "https://bugzilla.novell.com/659128"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-32bit-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-devel-32bit-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "i586", "packageFilename": "gnutls-1.2.10-13.38.1.i586.rpm", "packageName": "gnutls", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "i586", "packageFilename": "gnutls-devel-1.2.10-13.38.1.i586.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-32bit-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "x86_64", "packageFilename": "gnutls-devel-1.2.10-13.38.1.x86_64.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-devel-32bit-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-devel-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.2.10-13.38.1", "arch": "s390x", "packageFilename": "gnutls-1.2.10-13.38.1.s390x.rpm", "packageName": "gnutls", "operator": "lt"}], "description": "The GnuTLS library received a critical security fix and\n other updates:\n\n * CVE-2014-0092: The X.509 certificate verification had\n incorrect error handling, which could lead to broken\n certificates marked as being valid.\n * CVE-2009-5138: A verification problem in handling V1\n certificates could also lead to V1 certificates incorrectly\n being handled.\n * CVE-2013-2116: The _gnutls_ciphertext2compressed\n function in lib/gnutls_cipher.c in GnuTLS allowed remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length.\n * CVE-2013-1619: The TLS implementation in GnuTLS did\n not properly consider timing side-channel attacks on a\n noncompliant MAC check operation during the processing of\n malformed CBC padding, which allows remote attackers to\n conduct distinguishing attacks and plaintext-recovery\n attacks via statistical analysis of timing data for crafted\n packets, a related issue to CVE-2013-0169. (Lucky13)\n * CVE-2012-1569: The asn1_get_length_der function in\n decoding.c in GNU Libtasn1 , as used in GnuTLS did not\n properly handle certain large length values, which allowed\n remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly have\n unspecified other impact via a crafted ASN.1 structure.\n * CVE-2012-1573: gnutls_cipher.c in libgnutls in GnuTLS\n did not properly handle data encrypted with a block cipher,\n which allowed remote attackers to cause a denial of service\n (heap memory corruption and application crash) via a\n crafted record, as demonstrated by a crafted\n GenericBlockCipher structure.\n * CVE-2012-0390: The DTLS implementation in GnuTLS\n executed certain error-handling code only if there is a\n specific relationship between a padding length and the\n ciphertext size, which made it easier for remote attackers\n to recover partial plaintext via a timing side-channel\n attack, a related issue to CVE-2011-4108.\n\n Also some non security bugs have been fixed:\n\n * Did some more s390x size_t vs int fixes. (bnc#536809,\n bnc#659128)\n * re-enabled &quot;legacy negotiation&quot; (bnc#554084)\n * fix safe-renegotiation for sle10sp3 and sle10sp4 bug\n (bnc#554084)\n * fix bug bnc#536809, fix gnutls-cli to abort\n connection after detecting a bad certificate\n", "edition": 1, "reporter": "Suse", "published": "2014-03-04T01:04:52", "title": "Security update for gnutls (critical)", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2013-0169", "CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-2116"], "modified": "2014-03-04T01:04:52", "id": "SUSE-SU-2014:0320-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2017-09-09T07:19:53", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i386", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i386", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i686", "packageFilename": "openssl-0.9.8e-20.el5_7.1.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "src", "packageFilename": "openssl-0.9.8e-20.el5_7.1.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "x86_64", "packageFilename": "openssl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "x86_64", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ppc", "packageFilename": "openssl-0.9.8e-20.el5_7.1.ppc.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ppc", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.ppc.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ppc", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.ppc.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ppc64", "packageFilename": "openssl-0.9.8e-20.el5_7.1.ppc64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ppc64", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.ppc64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "s390x", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.s390x.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "s390", "packageFilename": "openssl-0.9.8e-20.el5_7.1.s390.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "s390", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.s390.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "s390x", "packageFilename": "openssl-0.9.8e-20.el5_7.1.s390x.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "s390x", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.s390x.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "i386", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ia64", "packageFilename": "openssl-0.9.8e-20.el5_7.1.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ia64", "packageFilename": "openssl-perl-0.9.8e-20.el5_7.1.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-20.el5_7.1", "arch": "ia64", "packageFilename": "openssl-devel-0.9.8e-20.el5_7.1.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "reporter": "RedHat", "published": "2012-01-24T05:00:00", "type": "redhat", "title": "(RHSA-2012:0060) Moderate: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:57:45", "id": "RHSA-2012:0060", "href": "https://access.redhat.com/errata/RHSA-2012:0060", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-06T18:05:15", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "src", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc64", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc64", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "ppc64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390x", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390x", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390x", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390x", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.1", "arch": "s390x", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.1.s390x.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "reporter": "RedHat", "published": "2012-01-24T05:00:00", "type": "redhat", "title": "(RHSA-2012:0059) Moderate: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:34", "id": "RHSA-2012:0059", "href": "https://access.redhat.com/errata/RHSA-2012:0059", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-09T07:20:07", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i686", "packageFilename": "openssl-0.9.7a-43.18.el4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "x86_64", "packageFilename": "openssl-0.9.7a-43.18.el4.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "src", "packageFilename": "openssl-0.9.7a-43.18.el4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ia64", "packageFilename": "openssl-0.9.7a-43.18.el4.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ia64", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ia64", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageFilename": "openssl-0.9.7a-43.18.el4.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "i386", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ppc", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.ppc.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ppc", "packageFilename": "openssl-0.9.7a-43.18.el4.ppc.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ppc", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.ppc.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ppc64", "packageFilename": "openssl-0.9.7a-43.18.el4.ppc64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "ppc64", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.ppc64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "s390", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.s390.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "s390", "packageFilename": "openssl-0.9.7a-43.18.el4.s390.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "s390", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.s390.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "s390x", "packageFilename": "openssl-0.9.7a-43.18.el4.s390x.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "s390x", "packageFilename": "openssl-devel-0.9.7a-43.18.el4.s390x.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.el4", "arch": "s390x", "packageFilename": "openssl-perl-0.9.7a-43.18.el4.s390x.rpm", "packageName": "openssl-perl", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "reporter": "RedHat", "published": "2012-02-01T05:00:00", "type": "redhat", "title": "(RHSA-2012:0086) Moderate: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4576", "CVE-2011-4619"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:11:08", "id": "RHSA-2012:0086", "href": "https://access.redhat.com/errata/RHSA-2012:0086", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-06-07T05:58:26", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.2-20120209.0.el6_2", "arch": "noarch", "packageName": "rhev-hypervisor6-tools", "packageFilename": "rhev-hypervisor6-tools-6.2-20120209.0.el6_2.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.2-20120209.0.el6_2", "arch": "noarch", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.2-20120209.0.el6_2.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.2-20120209.0.el6_2", "arch": "src", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.2-20120209.0.el6_2.src.rpm", "operator": "lt"}], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs:\n\n* Previously, it was possible to begin a Hypervisor installation without\nany valid disks to install to.\n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations.\n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot or upgrade parameters are required for autoinstall. (BZ#788225)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "reporter": "RedHat", "published": "2012-02-15T05:00:00", "type": "redhat", "title": "(RHSA-2012:0109) Important: rhev-hypervisor6 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0029", "CVE-2012-0050", "CVE-2012-0056"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:39", "id": "RHSA-2012:0109", "href": "https://access.redhat.com/errata/RHSA-2012:0109", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T21:10:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i686", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "x86_64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "src", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-22.el5_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ppc64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ppc", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ppc64", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ppc", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ppc", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ppc", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-22.el5_8.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ppc64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "s390", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "s390x", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "s390", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "s390x", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "s390", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "s390x", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "s390x", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-22.el5_8.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ia64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-22.el5_8.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "i386", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ia64", "packageName": "openssl", "packageFilename": "openssl-0.9.8e-22.el5_8.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ia64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-0.9.8e-22.el5_8.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-22.el5_8.1", "arch": "ia64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-0.9.8e-22.el5_8.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "src", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc64", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc64", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "ppc64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.3.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390x", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.0-20.el6_2.3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390x", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.0-20.el6_2.3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390x", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.0-20.el6_2.3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390x", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390x", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.0-20.el6_2.3.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.0-20.el6_2.3", "arch": "s390", "packageName": "openssl", "packageFilename": "openssl-1.0.0-20.el6_2.3.s390.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL parsed\nSecure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker\ncould use this flaw to crash an application that uses OpenSSL to decrypt or\nverify S/MIME messages. (CVE-2012-1165)\n\nA flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)\nimplementations in OpenSSL. An attacker could possibly use this flaw to\nperform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or\nS/MIME message by sending a large number of chosen ciphertext messages to\na service using OpenSSL and measuring error response times. (CVE-2012-0884)\n\nThis update also fixes a regression caused by the fix for CVE-2011-4619,\nreleased via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated\nCryptography (SGC) handshakes to fail.\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "reporter": "RedHat", "published": "2012-03-27T04:00:00", "type": "redhat", "title": "(RHSA-2012:0426) Moderate: openssl security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:24", "id": "RHSA-2012:0426", "href": "https://access.redhat.com/errata/RHSA-2012:0426", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-05-25T03:52:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.8-20120202.0.el5", "arch": "noarch", "packageName": "rhev-hypervisor5-tools", "packageFilename": "rhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.8-20120202.0.el5", "arch": "noarch", "packageName": "rhev-hypervisor5", "packageFilename": "rhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm", "operator": "lt"}], "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.\nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "reporter": "RedHat", "published": "2012-02-21T05:00:00", "type": "redhat", "title": "(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update", "enchantments": {"score": {"modified": "2018-05-25T03:52:39", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168", "CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0424", "CVE-2010-0830", "CVE-2010-4008", "CVE-2011-0010", "CVE-2011-0216", "CVE-2011-1083", "CVE-2011-1089", "CVE-2011-1526", "CVE-2011-1675", "CVE-2011-1677", "CVE-2011-1749", "CVE-2011-1944", "CVE-2011-2716", "CVE-2011-2834", "CVE-2011-3638", "CVE-2011-3905", "CVE-2011-3919", "CVE-2011-4086", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0028", "CVE-2012-0029", "CVE-2012-0207"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-25T06:35:47", "id": "RHSA-2012:0168", "href": "https://access.redhat.com/errata/RHSA-2012:0168", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:01", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4576", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4109", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4108", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0027", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1945", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4354", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4577", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0050", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4619", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-3210"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "1.0.0e-2ubuntu4.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "1.0.0e-2ubuntu4.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "0.9.8k-7ubuntu8.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "0.9.8g-4ubuntu3.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "0.9.8k-7ubuntu8.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "0.9.8o-5ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "0.9.8o-1ubuntu4.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "0.9.8o-1ubuntu4.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "0.9.8g-4ubuntu3.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "0.9.8o-5ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}], "description": "It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050)\n\nBen Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\nAdam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577)\n\nAdam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)", "edition": 3, "reporter": "Ubuntu", "published": "2012-02-09T00:00:00", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2011-4354", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109", "CVE-2011-1945"], "modified": "2012-02-09T00:00:00", "id": "USN-1357-1", "href": "https://usn.ubuntu.com/1357-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2016-09-28T21:03:56", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0059.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "x86_64", "packageFilename": "openssl-static-1.0.0g-1.26.amzn1.x86_64", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "i686", "packageFilename": "openssl-perl-1.0.0g-1.26.amzn1.i686", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "i686", "packageFilename": "openssl-debuginfo-1.0.0g-1.26.amzn1.i686", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "src", "packageFilename": "openssl-1.0.0g-1.26.amzn1.src", "packageName": "openssl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "i686", "packageFilename": "openssl-static-1.0.0g-1.26.amzn1.i686", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "i686", "packageFilename": "openssl-1.0.0g-1.26.amzn1.i686", "packageName": "openssl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "x86_64", "packageFilename": "openssl-devel-1.0.0g-1.26.amzn1.x86_64", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "x86_64", "packageFilename": "openssl-debuginfo-1.0.0g-1.26.amzn1.x86_64", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "x86_64", "packageFilename": "openssl-perl-1.0.0g-1.26.amzn1.x86_64", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "i686", "packageFilename": "openssl-devel-1.0.0g-1.26.amzn1.i686", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.0.0g-1.26", "arch": "x86_64", "packageFilename": "openssl-1.0.0g-1.26.amzn1.x86_64", "packageName": "openssl", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. ([CVE-2011-4108 __](<https://access.redhat.com/security/cve/CVE-2011-4108>))\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. ([CVE-2011-4576 __](<https://access.redhat.com/security/cve/CVE-2011-4576>))\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. ([CVE-2011-4577 __](<https://access.redhat.com/security/cve/CVE-2011-4577>))\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. ([CVE-2011-4619 __](<https://access.redhat.com/security/cve/CVE-2011-4619>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n openssl-1.0.0g-1.26.amzn1.i686 \n openssl-perl-1.0.0g-1.26.amzn1.i686 \n openssl-devel-1.0.0g-1.26.amzn1.i686 \n openssl-debuginfo-1.0.0g-1.26.amzn1.i686 \n openssl-static-1.0.0g-1.26.amzn1.i686 \n \n src: \n openssl-1.0.0g-1.26.amzn1.src \n \n x86_64: \n openssl-static-1.0.0g-1.26.amzn1.x86_64 \n openssl-debuginfo-1.0.0g-1.26.amzn1.x86_64 \n openssl-devel-1.0.0g-1.26.amzn1.x86_64 \n openssl-perl-1.0.0g-1.26.amzn1.x86_64 \n openssl-1.0.0g-1.26.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2012-02-02T14:24:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "amazon", "title": "Medium: openssl", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2014-09-14T15:14:00", "id": "ALAS-2012-38", "href": "https://alas.aws.amazon.com/ALAS-2012-38.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cert": [{"lastseen": "2018-09-05T16:46:23", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3864", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0884", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166", "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64", "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577", "https://www.openssl.org/news/vulnerabilities.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4180", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4109", "http://w3.efi.com/Fiery"], "description": "### Overview\n\nFiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o).\n\n### Description\n\nFiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier uses OpenSSL for SSL/TLS encryption. The version of OpenSSL that comes with the Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier is 0.9.8o that is out of date and known to be vulnerable. \n \n--- \n \n### Impact\n\nA remote attacker may be able to cause a denial of service or possibly run arbitrary code. \n \n--- \n \n### Solution\n\n**Apply an Update**\n\nApply patch 1-1IJ6ZK. The patch will upgrade OpenSSL to version 0.9.8x. Patch 1-1IJ6ZK can be obtained from [Xerox tech support](<http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64>). \n \n--- \n \n**Restrict access** \n \nAs a general good security practice, only allow connections from trusted hosts and networks. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEFI| | 18 Dec 2012| 18 Mar 2013 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23737740 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.9 | AV:A/AC:M/Au:N/C:P/I:P/A:C \nTemporal | 5.1 | E:U/RL:OF/RC:C \nEnvironmental | 1.0 | CDP:L/TD:L/CR:L/IR:L/AR:L \n \n### References\n\n * [http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&amp;operatingSystem;=win7x64](<http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64>)\n * <https://www.openssl.org/news/vulnerabilities.html>\n * <http://w3.efi.com/Fiery>\n\n### Credit\n\nThanks to Curtis Rhodes for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n * CVE IDs: [CVE-2013-0169](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169>) [CVE-2013-0166](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166>) [CVE-2012-2333](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333>) [CVE-2012-0884](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0884>) [CVE-2011-4619](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619>) [CVE-2011-4577](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577>) [CVE-2011-4576](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576>) [CVE-2011-4109](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4109>) [CVE-2011-4108](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108>) [CVE-2010-4180](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4180>) [CVE-2010-3864](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3864>)\n * Date Public: 18 Mar 2013\n * Date First Published: 18 Mar 2013\n * Date Last Updated: 02 May 2013\n * Document Revision: 29\n\n", "edition": 5, "reporter": "CERT", "published": "2013-03-18T00:00:00", "title": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2013-0166", "CVE-2013-0166", "CVE-2012-2333", "CVE-2012-2333", "CVE-2011-4108", "CVE-2011-4108", "CVE-2013-0169", "CVE-2013-0169", "CVE-2011-4576", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4577", "CVE-2010-4180", "CVE-2010-4180", "CVE-2011-4619", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-0884", "CVE-2010-3864", "CVE-2010-3864", "CVE-2011-4109", "CVE-2011-4109"], "modified": "2013-05-02T00:00:00", "id": "VU:737740", "href": "https://www.kb.cert.org/vuls/id/737740", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03315912\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03315912\r\nVersion: 1\r\n\r\nHPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator &#40;OA&#41;, Remote\r\nUnauthorized Access to Data, Unauthorized Disclosure of Information Denial of\r\nService &#40;DoS&#41;\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-06-07\r\nLast Updated: 2012-06-07\r\n\r\nPotential Security Impact: Remote unauthorized access to data, unauthorized\r\ndisclosure of information, Denial of Service &#40;DoS&#41;\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Onboard\r\nAdministrator &#40;OA&#41;. The vulnerabilities could be exploited remotely resulting\r\nin unauthorized access to data, unauthorized disclosure of information, and\r\nDenial of Service &#40;DoS&#41;.\r\n\r\nReferences: CVE-2011-3192, CVE-2011-1473, CVE-2011-2691, CVE-2011-4108,\r\nCVE-2011-4576, CVE-2011-4619, CVE-2012-0050, CVE-2012-0053, CVE-2012-0884,\r\nCVE-2012-2110, CVE-2012-1583, SSRT100654, Nessus 53360\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Onboard Administrator &#40;OA&#41; up to and including v3.55\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-0053 &#40;AV:N/AC:M/Au:N/C:P/I:N/A:N&#41; 4.3\r\nCVE-2012-0050 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:P&#41; 5.0\r\nCVE-2011-4619 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:P&#41; 5.0\r\nCVE-2011-4576 &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41; 5.0\r\nCVE-2011-4108 &#40;AV:N/AC:M/Au:N/C:P/I:N/A:N&#41; 4.3\r\nCVE-2011-3192 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:C&#41; 7.8\r\nCVE-2011-2691 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:P&#41; 5.0\r\nCVE-2011-1473 &#40;AV:N/AC:M/Au:N/C:N/I:P/A:P&#41; 5.8\r\nCVE-2012-0884 &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41; 5.0\r\nCVE-2012-2110 &#40;AV:N/AC:L/Au:N/C:P/I:P/A:P&#41; 7.5\r\nCVE-2012-1583 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:C&#41; 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made Onboard Administrator &#40;OA&#41; v3.56 or subsequent available to\r\nresolve the vulnerabilities.\r\n\r\nOnboard Administrator &#40;OA&#41; v3.56 is available here:\r\n\r\nhttp://www.hp.com/swpublishing/MTX-e41b71e6cfbe471dbd029deaab\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 7 June 2012 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk/RB94ACgkQ4B86/C0qfVlG8ACfVds+3MuA3kLohkKj3BKSsjT2\r\nIKsAn34/TSWNZNR4LqwwVbCfScPGxTjw\r\n=gxe7\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-06-17T00:00:00", "title": "[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator &#40;OA&#41;, Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service &#40;DoS&#41;", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:44", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-1473", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-1583", "CVE-2012-0053", "CVE-2012-0050", "CVE-2011-2691", "CVE-2011-3192", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2012-06-17T00:00:00", "id": "SECURITYVULNS:DOC:28164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28164", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:47", "references": ["https://vulners.com/securityvulns/securityvulns:doc:28164"], "description": "Unauthorized access, DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2012-06-17T00:00:00", "title": "HP Onboard Administrator multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:47", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "HP Onboard Administrator", "version": "3.55", "operator": "eq"}], "cvelist": ["CVE-2011-1473", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-1583", "CVE-2012-0053", "CVE-2012-0050", "CVE-2011-2691", "CVE-2011-3192", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2012-06-17T00:00:00", "id": "SECURITYVULNS:VULN:12425", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12425", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:48", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update\r\n2013-002\r\n\r\nOS X Mountain Lion v10.8.4 and Security Update 2013-002 is now\r\navailable and addresses the following:\r\n\r\nCFNetwork\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: An attacker with access to a user&#39;s session may be able to\r\nlog into previously accessed sites, even if Private Browsing was used\r\nDescription: Permanent cookies were saved after quitting Safari,\r\neven when Private Browsing was enabled. This issue was addressed by\r\nimproved handling of cookies.\r\nCVE-ID\r\nCVE-2013-0982 : Alexander Traud of www.traud.de\r\n\r\nCoreAnimation\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Visiting a maliciously crafted site may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An unbounded stack allocation issue existed in the\r\nhandling of text glyphs. This could be triggered by maliciously\r\ncrafted URLs in Safari. The issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2013-0983 : David Fifield of Stanford University, Ben Syverson\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of text tracks. This issue was addressed by additional\r\nvalidation of text tracks.\r\nCVE-ID\r\nCVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation\r\n\r\nCUPS\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: A local user in the lpadmin group may be able to read or\r\nwrite arbitrary files with system privileges\r\nDescription: A privilege escalation issue existed in the handling of\r\nCUPS configuration via the CUPS web interface. A local user in the\r\nlpadmin group may be able to read or write arbitrary files with\r\nsystem privileges. This issue was addressed by moving certain\r\nconfiguration directives to cups-files.conf, which can not be\r\nmodified from the CUPS web interface.\r\nCVE-ID\r\nCVE-2012-5519\r\n\r\nDirectory Service\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\r\nImpact: A remote attacker may execute arbitrary code with system\r\nprivileges on systems with Directory Service enabled\r\nDescription: An issue existed in the directory server&#39;s handling of\r\nmessages from the network. By sending a maliciously crafted message,\r\na remote attacker could cause the directory server to terminate or\r\nexecute arbitrary code with system privileges. This issue was\r\naddressed through improved bounds checking. This issue does not\r\naffect OS X Lion or OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2013-0984 : Nicolas Economou of Core Security\r\n\r\nDisk Management\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: A local user may disable FileVault\r\nDescription: A local user who is not an administrator may disable\r\nFileVault using the command-line. This issue was addressed by adding\r\nadditional authentication.\r\nCVE-ID\r\nCVE-2013-0985\r\n\r\nOpenSSL\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There were known attacks on the confidentiality of TLS\r\n1.0 when compression was enabled. This issue was addressed by\r\ndisabling compression in OpenSSL.\r\nCVE-ID\r\nCVE-2012-4929 : Juliano Rizzo and Thai Duong\r\n\r\nOpenSSL\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: OpenSSL was updated to version 0.9.8x to address\r\nmultiple vulnerabilities, which may lead to denial of service or\r\ndisclosure of a private key. Further information is available via the\r\nOpenSSL website at http://www.openssl.org/news/\r\nCVE-ID\r\nCVE-2011-1945\r\nCVE-2011-3207\r\nCVE-2011-3210\r\nCVE-2011-4108\r\nCVE-2011-4109\r\nCVE-2011-4576\r\nCVE-2011-4577\r\nCVE-2011-4619\r\nCVE-2012-0050\r\nCVE-2012-2110\r\nCVE-2012-2131\r\nCVE-2012-2333\r\n\r\nQuickDraw Manager\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Opening a maliciously crafted PICT image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PICT\r\nimages. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0975 : Tobias Klein working with HP&#39;s Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of &#39;enof&#39;\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0986 : Tom Gallagher &#40;Microsoft&#41; &amp; Paul Bates &#40;Microsoft&#41;\r\nworking with HP&#39;s Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted QTIF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nQTIF files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-0987 : roob working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted FPX file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of FPX files.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0988 : G. Geshev working with HP&#39;s Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Playing a maliciously crafted MP3 file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of MP3 files.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0989 : G. Geshev working with HP&#39;s Zero Day Initiative\r\n\r\nRuby\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\r\nImpact: Multiple vulnerabilities in Ruby on Rails\r\nDescription: Multiple vulnerabilities existed in Ruby on Rails, the\r\nmost serious of which may lead to arbitrary code execution on systems\r\nrunning Ruby on Rails applications. These issues were addressed by\r\nupdating Ruby on Rails to version 2.3.18. This issue may affect OS X\r\nLion or OS X Mountain Lion systems that were upgraded from Mac OS X\r\n10.6.8 or earlier. Users can update affected gems on such systems by\r\nusing the /usr/bin/gem utility.\r\nCVE-ID\r\nCVE-2013-0155\r\nCVE-2013-0276\r\nCVE-2013-0277\r\nCVE-2013-0333\r\nCVE-2013-1854\r\nCVE-2013-1855\r\nCVE-2013-1856\r\nCVE-2013-1857\r\n\r\nSMB\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: An authenticated user may be able to write files outside the\r\nshared directory\r\nDescription: If SMB file sharing is enabled, an authenticated user\r\nmay be able to write files outside the shared directory. This issue\r\nwas addressed through improved access control.\r\nCVE-ID\r\nCVE-2013-0990 : Ward van Wanrooij\r\n\r\nNote: Starting with OS X 10.8.4, Java Web Start &#40;i.e. JNLP&#41;\r\napplications downloaded from the Internet need to be signed with\r\na Developer ID certificate. Gatekeeper will check downloaded\r\nJava Web Start applications for a signature and block such\r\napplications from launching if they are not properly signed.\r\n\r\nNote: OS X Mountain Lion v10.8.4 includes the content of\r\nSafari 6.0.5. For further details see &quot;About the security content\r\nof Safari 6.0.5&quot; at http://http//support.apple.com/kb/HT5785\r\n\r\nOS X Mountain Lion v10.8.4 and Security Update 2013-002 may be\r\nobtained from the Software Update pane in System Preferences,\r\nor Apple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nOS X Mountain Lion v10.8.4, or Security Update\r\n2013-002.\r\n\r\nFor OS X Mountain Lion v10.8.3\r\nThe download file is named: OSXUpd10.8.4.dmg\r\nIts SHA-1 digest is: 9cf99aa1293cefdac0fb9a24ea133c80f8237b5e\r\n\r\nFor OS X Mountain Lion v10.8 and v10.8.2\r\nThe download file is named: OSXUpdCombo10.8.4.dmg\r\nIts SHA-1 digest is: 3c95d0c8d0c7f43339a5f4e137e386dd5fe409c3\r\n\r\nFor OS X Lion v10.7.5\r\nThe download file is named: SecUpd2013-002.dmg\r\nIts SHA-1 digest is: cfc3bd0941d7c5838aee9e92ee087d78abff3ce7\r\n\r\nFor OS X Lion Server v10.7.5\r\nThe download file is named: SecUpdSrvr2013-002.dmg\r\nIts SHA-1 digest is: 34dff575a145e13404e7a2ee8a390d3e7c56fb5e\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2013-002.dmg\r\nIts SHA-1 digest is: 5da54b38ffb8c147925c3018a8f5bf30ad4ac5b1\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2013-002.dmg\r\nIts SHA-1 digest is: b20271f019930fe894c2247a6d5e05f00568b583\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJRrjkiAAoJEPefwLHPlZEwW+AP/0x/cHS3VPY0/a98Xpmdfkdb\r\neo9Ns5FKw6mIkUftrN6qwNAgFXWqQXNIbJ3q8ZnoxcFPakhYyPSp4XowpR79l7kG\r\nB2ZrdTx9aIn2bfHZ+h4cE8XnVL8qUDz2RxFopOGbb+wpJxl8/fehDmWokC5wCeF5\r\nN7mnwW2s37QL73BmAMRdi6CYcJCKwhZWGFWmqiNvpFlUP+kcjU/UM1MAzOu0xsiA\r\nPD6NrWeUOWfFrcQgx/pspWGvrFyV4FLu+0wQBl9f/DiQNrwVXIr85rHtah+b1NCU\r\npteSxQwb4kRojXdPm4+I3LKoghzGR8xD6+Xl6KdYgReSW89Di4bKM3WpbRLqhRuq\r\n8kv38Gk3/vZDfAnuNQX09dE6EgJ0DVu86SoRQZ1iYRQoLrizVsOvyVQUojZhT47t\r\n6l44L/5cNJd7EcaC8hdmr44cCZdMPDEqoKzn2BavH62WYXbZMPlHBDo/H2ujUUec\r\ni7XU7LA1Upw57X4wmIUU4QrlBhNBh39yRKh3katAklayFBjOMEyyL57gURvd6O77\r\ngFOQpUQ6kgqwgQCrtNT6R96igfyu7cVxYW7XchZDHgA3n/YWOAVvXkVeeQ5OUGzC\r\nO0UYLMBpPka31yfWP23QaXpV+LW462raI6LnMvRP1245RhokTTThZw6/9xochK2V\r\n+VoeoamqaQqZGyOiObbU\r\n=vG2v\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-06-17T00:00:00", "title": "APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:48", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-3210", "CVE-2013-0989", "CVE-2012-2333", "CVE-2013-0975", "CVE-2012-2131", "CVE-2013-1854", "CVE-2011-4108", "CVE-2013-0276", "CVE-2013-0982", "CVE-2011-4576", "CVE-2013-1856", "CVE-2013-0984", "CVE-2011-4577", "CVE-2013-1855", "CVE-2013-0983", "CVE-2011-4619", "CVE-2013-0985", "CVE-2012-5519", "CVE-2012-4929", "CVE-2013-0986", "CVE-2012-0050", "CVE-2013-0990", "CVE-2013-0277", "CVE-2013-0155", "CVE-2012-2110", "CVE-2013-0987", "CVE-2011-3207", "CVE-2013-0333", "CVE-2013-1857", "CVE-2013-0988", "CVE-2011-4109", "CVE-2011-1945", "CVE-2013-1024"], "modified": "2013-06-17T00:00:00", "id": "SECURITYVULNS:DOC:29464", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29464", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2454-1 security@debian.org\r\nhttp://www.debian.org/security/ Raphael Geissert\r\nApril 19, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : openssl\r\nVulnerability : multiple\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-0884 CVE-2012-1165 CVE-2012-2110\r\n\r\nMultiple vulnerabilities have been found in OpenSSL. The Common\r\nVulnerabilities and Exposures project identifies the following issues:\r\n\r\nCVE-2012-0884\r\n\r\n Ivan Nestlerode discovered a weakness in the CMS and PKCS #7\r\n implementations that could allow an attacker to decrypt data\r\n via a Million Message Attack &#40;MMA&#41;.\r\n\r\nCVE-2012-1165\r\n\r\n It was discovered that a NULL pointer could be dereferenced\r\n when parsing certain S/MIME messages, leading to denial of\r\n service.\r\n\r\nCVE-2012-2110\r\n\r\n Tavis Ormandy, Google Security Team, discovered a vulnerability\r\n in the way DER-encoded ASN.1 data is parsed that can result in\r\n a heap overflow.\r\n\r\n\r\nAdditionally, the fix for CVE-2011-4619 has been updated to address an\r\nissue with SGC handshakes.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, these problems have been fixed in\r\nversion 0.9.8o-4squeeze11.\r\n\r\nFor the testing distribution &#40;wheezy&#41;, these problems will be fixed soon.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems have been fixed in\r\nversion 1.0.1a-1.\r\n\r\nWe recommend that you upgrade your openssl packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk+QgdEACgkQYy49rUbZzlrPxACgmA4me/ZAVZS/TDIifkHgiU9q\r\nx/QAn0pU8BwEFv8ugmm746OX7jDQMnYP\r\n=JCSE\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-04-22T00:00:00", "title": "[SECURITY] [DSA 2454-1] openssl security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:44", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-1165", "CVE-2011-4619", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2012-04-22T00:00:00", "id": "SECURITYVULNS:DOC:27941", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27941", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "thn": [{"lastseen": "2018-01-27T09:17:40", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "references": [], "description": "[](<https://2.bp.blogspot.com/-7dRb3jqW1rU/WX747ONpLWI/AAAAAAAAt20/gddwfuUY_CAoGcwZZQLizx-m9tgEbo99wCLcBGAs/s1600/hacking-voting-machine.png>) \n--- \nImage Credit: @tjhorner \nToday, election hacking is not just about hacking voting machines, rather it now also includes [hacking and leaking dirty secrets](<https://thehackernews.com/2017/05/hackers-tainted-leaks.html>) of the targeted political parties\u2014and there won\u2019t be a perfect example than the last year's [US presidential election](<https://thehackernews.com/2016/07/hillary-clinton-hacked.html>). \n \nBut, in countries like America, even hacking electronic voting machines is possible\u2014that too, in a matter of minutes. \n \nSeveral hackers reportedly managed to hack into multiple United States voting machines in a relatively short period\u2014in some cases within minutes, and in other within a few hours\u2014at Def Con cybersecurity conference held in Las Vegas this week. \n \nCiting the concern of people with the integrity and [security of American elections](<https://thehackernews.com/2016/07/wikileaks-dnc-emails.html>), for the first time, Def Con hosted a \"**Voting Machine Village**\" event, where tech-savvy attendees tried to hack some systems and help catch vulnerabilities. \n \nVoting Machine Village provided 30 different pieces of voting equipment used in American elections in a room, which included Sequoia AVC Edge, ES&amp;S iVotronic, AccuVote TSX, WinVote, and Diebold Expresspoll 4000 voting machines. \n \nAnd what's horrible? The group of attendees reportedly took less than 90 minutes to compromise these voting machines. \n\n\n[](<https://1.bp.blogspot.com/-VTyV20pxWYc/WX724l2liCI/AAAAAAAAt2k/p1R1QxUYMXMDBLaaTPIH3L-nZJaRVTC0gCLcBGAs/s1600/electronic-voting-machine-hacking.png>)\n\nMembers of the Def Con hacking community managed to take complete control of an e-poll book, an election equipment which is currently in use in dozens of states where voters sign in and receive their ballots. \n \nOther hackers in attendance claimed to have found significant security flaws in the AccuVote TSX, which is currently in use in 19 states, and the Sequoia AVC Edge, used in 13 states. \n \nAnother hacker broke into the hardware and firmware of the Diebold TSX voting machine. \n \nHackers were also able to hack into the WinVote voting machine, which is available on eBay, and have long been removed from use in elections due to its vulnerabilities. \n \nHackers discovered a remote access vulnerability in WinVote's operating system, which exposed real election data that was still stored in the machine. \n \nAnother hacker hacked into the Express-Pollbook system and exposed the internal data structure via a known OpenSSL vulnerability (CVE-2011-4109), allowing anyone to carry out remote attacks. \n\n\n> \"Without question, our voting systems are weak and susceptible. Thanks to the contributors of the hacker community today, we\u2019ve uncovered even more about exactly how,\" said Jake Braun, a cybersecurity expert at the University of Chicago, told [Reg media](<https://www.theregister.co.uk/2017/07/29/us_voting_machines_hacking/>).\n\n> \"The scary thing is we also know that our foreign adversaries \u2014 including Russia, North Korea, Iran \u2014 possess the capabilities to hack them too, in the process undermining the principles of democracy and threatening our national security.\"\n\nElection hacking became a major debate following the 2016 US presidential election, where it was [reported](<https://www.dailydot.com/layer8/russia-hack-2016-election-39-states/>) that [Russian hackers](<https://thehackernews.com/2016/07/russia-dnc-email-hack.html>) managed to [access U.S. voting machines](<https://thehackernews.com/2016/08/election-system-hack.html>) in at least 39 states in the run-up to the election. \n \nHowever, there is no evidence yet to justify these claims. \n \nEven, Hacking of voting machines is also a major concern in India these days, but the government and election commission has declined to host such event to test the integrity of EVMs (Electronic Voting Machines) used during the country's General and State Elections.\n", "reporter": "Mohit Kumar", "published": "2017-07-30T22:32:00", "type": "thn", "title": "Hackers Take Over US Voting Machines In Just 90 Minutes", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2011-4109"], "_object_type": "robots.models.thn.ThnBulletin", "modified": "2017-07-31T20:27:55", "id": "THN:A69F7E93E0EA3AF653136A37387E82C7", "href": "https://thehackernews.com/2017/07/hacking-voting-machine.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:32", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208101-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208106-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.1 Update 3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi-5.0.0-20121201001", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi410-201208101-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "4.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "4.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "eq"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208102-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "5.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "eq"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.1 Update 3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201209401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "3.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "5.0 Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208104-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "3.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "eq"}, {"OS": "any", "OSVersion": "any", "packageVersion": "1.0.x", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCOps", "operator": "eq"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCOps", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201209402-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208103-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208107-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "2.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "VirtualCenter", "operator": "eq"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201209404-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.0 Update 4a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.0 Update 4a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208105-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31 \nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2012-08-30T00:00:00", "title": "VMware vSphere and vCOps updates to third party libraries", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "modified": "2012-12-20T00:00:00", "id": "VMSA-2012-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0013.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}