Lucene search

K
ubuntuUbuntuUSN-1451-1
HistoryMay 24, 2012 - 12:00 a.m.

OpenSSL vulnerabilities

2012-05-2400:00:00
ubuntu.com
39

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

92.9%

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

Ivan Nestlerode discovered that the Cryptographic Message Syntax
(CMS) and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive
information via a Million Message Attack (MMA). (CVE-2012-0884)

It was discovered that an integer underflow was possible when using
TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a
remote attacker to cause a denial of service. (CVE-2012-2333)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchlibssl0.9.8<ย 0.9.8g-4ubuntu3.19UNKNOWN
Ubuntu8.04noarchlibcrypto0.9.8-udeb<ย 0.9.8g-4ubuntu3.19UNKNOWN
Ubuntu8.04noarchlibssl-dev<ย 0.9.8g-4ubuntu3.19UNKNOWN
Ubuntu8.04noarchlibssl0.9.8-dbg<ย 0.9.8g-4ubuntu3.19UNKNOWN
Ubuntu8.04noarchopenssl<ย 0.9.8g-4ubuntu3.19UNKNOWN
Ubuntu12.04noarchlibssl1.0.0<ย 1.0.1-4ubuntu5.2UNKNOWN
Ubuntu12.04noarchlibcrypto1.0.0-udeb<ย 1.0.1-4ubuntu5.2UNKNOWN
Ubuntu12.04noarchlibssl-dev<ย 1.0.1-4ubuntu5.2UNKNOWN
Ubuntu12.04noarchlibssl1.0.0-dbg<ย 1.0.1-4ubuntu5.2UNKNOWN
Ubuntu12.04noarchlibssl1.0.0-udeb<ย 1.0.1-4ubuntu5.2UNKNOWN
Rows per page:
1-10 of 291

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

92.9%