Lucene search
SuseSUSE-SA:2005:061HistoryOct 19, 2005 - 12:57 p.m.
protocol downgrade attack in openssl
2005-10-1912:57:35
lists.opensuse.org
21
0.013 Low
EPSS
Percentile
85.7%
The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications). (CAN-2005-2969)
Solution
Please install the updated packages. A work-around would be to disable SSL v2 support in the applications.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.1 | x86_64 | openssl | < 0.9.7d-15.15.3 | openssl-0.9.7d-15.15.3.x86_64.rpm |
| openSUSE | 10.0 | x86_64 | openssl-devel-32bit | < 0.9.7g-2.2 | openssl-devel-32bit-0.9.7g-2.2.x86_64.rpm |
| openSUSE | 9.2 | x86_64 | openssl-32bit | < 9.2-200510160152 | openssl-32bit-9.2-200510160152.x86_64.rpm |
| openSUSE | 10.0 | x86_64 | openssl | < 0.9.7g-2.2 | openssl-0.9.7g-2.2.x86_64.rpm |
| openSUSE | 9.1 | i586 | openssl-devel | < 0.9.7d-15.15.3 | openssl-devel-0.9.7d-15.15.3.i586.rpm |
| openSUSE | 9.3 | i586 | openssl-devel | < 0.9.7e-3.2 | openssl-devel-0.9.7e-3.2.i586.rpm |
| openSUSE | 9.2 | x86_64 | openssl | < 0.9.7d-25.2 | openssl-0.9.7d-25.2.x86_64.rpm |
| openSUSE | 9.2 | i586 | openssl | < 0.9.7d-25.2 | openssl-0.9.7d-25.2.i586.rpm |
| openSUSE | 9.0 | x86_64 | openssl-devel | < 0.9.7b-135 | openssl-devel-0.9.7b-135.x86_64.rpm |
| openSUSE | 9.1 | i586 | openssl-32bit | < 9.1-200510151708 | openssl-32bit-9.1-200510151708.i586.rpm |
Related
freebsd
freebsd
openssl -- potential SSL 2.0 rollback
2005-10-11 00:00:00
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl.asc)
2008-09-04 00:00:00
SLES9: Security update for OpenSSL
2009-10-10 00:00:00
SLES9: Security update for OpenSSL
2009-10-10 00:00:00
debian
debian
[SECURITY] [DSA 888-1] New OpenSSL packages fix cryptographic weakness
2005-11-07 19:06:00
[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness
2005-11-04 12:08:28
[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness
2005-11-04 12:08:28
ubuntu
ubuntu
SSL library vulnerability
2005-10-14 00:00:00
cve
cve
CVE-2005-2969
2005-10-18 21:02:00
nessus
nessus
Debian DSA-875-1 : openssl094 - cryptographic weakness
2006-10-14 00:00:00
Debian DSA-881-1 : openssl096 - cryptographic weakness
2006-10-14 00:00:00
ubuntucve
ubuntucve
CVE-2005-2969
2005-10-18 00:00:00
f5
f5
debiancve
debiancve
CVE-2005-2969
2005-10-18 21:02:00
gentoo
gentoo
OpenSSL: SSL 2.0 protocol rollback
2005-10-12 00:00:00
nvd
nvd
CVE-2005-2969
2005-10-18 21:02:00
osv
osv
openssl094 - cryptographic weakness
2005-10-27 00:00:00
cvelist
cvelist
CVE-2005-2969
2005-10-18 04:00:00
slackware
slackware
OpenSSL
2005-10-13 18:06:49
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:21.openssl
2005-10-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt3
2005-10-11 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt3
2005-10-11 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt3
2005-10-11 00:00:00
securityvulns
securityvulns
[Full-disclosure] OpenSSL SSL 2.0 Rollback (CAN-2005-2969)
2005-10-11 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2005-2969
2005-10-11 00:00:00
jvn
jvn
JVN#23632449: OpenSSL version rollback vulnerability
2005-10-11 00:00:00
centos
centos
openssl, openssl095a, openssl096 security update
2005-10-12 00:30:56
openssl, openssl096b security update
2005-10-11 17:08:24
redhat
redhat
(RHSA-2005:800) openssl security update
2005-10-11 00:00:00
cisco
cisco
OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities
2005-10-12 15:54:57
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00