Lucene search
SuseSUSE-SU-2012:0674-1HistoryMay 30, 2012 - 11:08 p.m.
Security update for openssl (important)
2012-05-3023:08:17
lists.opensuse.org
22
0.234 Low
EPSS
Percentile
96.1%
This update of openssl fixes the following security issues:
- Denial of Service or crash via CBC mode handling.
(CVE-2012-2333
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333</a>
> ) - Incorrect integer conversions that could result in
memory corruption. (CVE-2012-2110
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110</a>
> , CVE-2012-2131
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131</a>
> ) - Potential memory leak in multithreaded key creation.
- Symmetric crypto errors in PKCS7_decrypt.
- Free headers after use in error message.
- S/MIME verification may erroneously fail.
- Tolerating bad MIME headers in ANS.1 parser.
(CVE-2012-1165
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165</a>
> , CVE-2006-7250
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250</a>
> ) - DTLS DoS Attack. (CVE-2012-0050
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050</a>
> ) - DTLS Plaintext Recovery Attack. (CVE-2011-4108
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108</a>
> ) - Double-free in Policy Checks. (CVE-2011-4109
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109</a>
> ) - Uninitialized SSL 3.0 Padding. (CVE-2011-4576
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576</a>
> ) - SGC Restart DoS Attack. (CVE-2011-4619
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619</a>
> )
References
download.novell.com/patch/finder/?keywords=615504b4f83955616ed79d66c69aaaae
bugzilla.novell.com/739719
bugzilla.novell.com/742821
bugzilla.novell.com/748738
bugzilla.novell.com/749210
bugzilla.novell.com/749213
bugzilla.novell.com/749735
bugzilla.novell.com/751946
bugzilla.novell.com/758060
bugzilla.novell.com/761838
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0674-1)
2021-06-09 00:00:00
Oracle: Security Advisory (ELSA-2012-0060)
2015-10-06 00:00:00
Mandriva Update for openssl MDVSA-2012:006 (openssl)
2012-01-20 00:00:00
redhat
redhat
(RHSA-2012:1306) Important: openssl security update
2012-09-24 15:52:11
(RHSA-2012:1308) Important: openssl security update
2012-09-24 15:54:31
(RHSA-2012:1307) Important: openssl security update
2012-09-24 15:53:22
nessus
nessus
AIX OpenSSL Advisory : openssl_advisory3.asc
2014-04-16 00:00:00
RHEL 5 : openssl (RHSA-2012:0060)
2012-01-25 00:00:00
AIX OpenSSL Advisory : openssl_advisory4.asc
2014-04-16 00:00:00
oraclelinux
oraclelinux
openssl security update
2012-01-24 00:00:00
openssl security update
2012-01-24 00:00:00
openssl security update
2012-02-01 00:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-03-21 13:02:49
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
ibm
ibm
centos
centos
openssl security update
2012-01-24 21:54:22
openssl security update
2012-01-30 20:25:59
openssl security update
2012-02-01 22:15:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2012-03-06 00:00:00
suse
suse
Security update for OpenSSL (important)
2012-01-16 17:08:28
Security update for compat-openssl097g (important)
2012-09-18 15:08:35
Security update for openssl (important)
2012-05-23 01:08:20
securityvulns
securityvulns
OpenSSL library multiple security vulnerabilities
2012-01-20 00:00:00
[SECURITY] [DSA 2454-1] openssl security update
2012-04-22 00:00:00
[ MDVSA-2012:064 ] openssl0.9.8
2012-04-24 00:00:00
osv
osv
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
openssl - several
2012-01-15 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-04-19 00:00:00
OpenSSL vulnerability
2012-04-24 00:00:00
OpenSSL vulnerabilities
2012-02-09 00:00:00
debian
debian
[SECURITY] [DSA 2390-1] openssl security update
2012-01-15 20:23:09
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
[SECURITY] [DSA 2454-2] openssl incomplete fix
2012-04-25 02:03:10
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16
2012-06-03 00:00:32
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1c-1.fc18
2012-11-23 07:52:37
[SECURITY] Fedora 15 Update: openssl-1.0.0j-1.fc15
2012-06-03 00:02:27
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
OpenSSL -- multiple vulnerabilities
2012-01-04 00:00:00
OpenSSL -- DTLS Denial of Service
2012-01-18 00:00:00
amazon
amazon
Medium: openssl
2012-02-02 14:24:00
prion
prion
Null pointer dereference
2012-03-15 17:55:00
Integer overflow
2012-04-24 20:55:00
Design/Logic Flaw
2012-01-19 19:55:00
f5
f5
SOL13597 - OpenSSL vulnerability CVE-2012-1165
2012-05-21 00:00:00
K13597 : OpenSSL vulnerability CVE-2012-1165
2013-09-12 00:00:00
K15417 : OpenSSL vulnerability CVE-2012-0050
2014-08-14 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
cve
cve
openssl
openssl
Vulnerability in OpenSSL CVE-2012-2131
2012-04-24 00:00:00
Vulnerability in OpenSSL CVE-2012-0050
2012-01-04 00:00:00
checkpoint_security
checkpoint_security