Security update for libopenssl0_9_8 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0640-1 Final 1 1 2016-03-03T09:17:42Z current 2016-03-03T09:17:42Z 2016-03-03T09:17:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libopenssl0_9_8 This update for libopenssl0_9_8 fixes the following issues: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh: * fixes many security vulnerabilities (not seperately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) * SSLv2 doesn't block disabled ciphers The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html E-Mail link for openSUSE-SU-2016:0640-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libopenssl0_9_8-0.9.8zh-14.1 libopenssl0_9_8-32bit-0.9.8zh-14.1 libopenssl0_9_8-0.9.8zh-14.1 as a component of openSUSE Leap 42.1 libopenssl0_9_8-32bit-0.9.8zh-14.1 as a component of openSUSE Leap 42.1 OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. CVE-2013-0166 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2013-0166.html CVE-2013-0166 https://bugzilla.suse.com/802648 SUSE Bug 802648 https://bugzilla.suse.com/802746 SUSE Bug 802746 https://bugzilla.suse.com/813366 SUSE Bug 813366 https://bugzilla.suse.com/821818 SUSE Bug 821818 https://bugzilla.suse.com/833408 SUSE Bug 833408 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/911906 SUSE Bug 911906 The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. CVE-2013-0169 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2013-0169.html CVE-2013-0169 https://bugzilla.suse.com/1070148 SUSE Bug 1070148 https://bugzilla.suse.com/1103036 SUSE Bug 1103036 https://bugzilla.suse.com/1103597 SUSE Bug 1103597 https://bugzilla.suse.com/802184 SUSE Bug 802184 https://bugzilla.suse.com/802648 SUSE Bug 802648 https://bugzilla.suse.com/802746 SUSE Bug 802746 https://bugzilla.suse.com/803379 SUSE Bug 803379 https://bugzilla.suse.com/804654 SUSE Bug 804654 https://bugzilla.suse.com/809839 SUSE Bug 809839 https://bugzilla.suse.com/813366 SUSE Bug 813366 https://bugzilla.suse.com/813939 SUSE Bug 813939 https://bugzilla.suse.com/821818 SUSE Bug 821818 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/977584 SUSE Bug 977584 https://bugzilla.suse.com/977616 SUSE Bug 977616 The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. CVE-2014-0076 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-0076.html CVE-2014-0076 https://bugzilla.suse.com/869945 SUSE Bug 869945 https://bugzilla.suse.com/880891 SUSE Bug 880891 https://bugzilla.suse.com/883126 SUSE Bug 883126 https://bugzilla.suse.com/905106 SUSE Bug 905106 The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. CVE-2014-0195 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-0195.html CVE-2014-0195 https://bugzilla.suse.com/880891 SUSE Bug 880891 https://bugzilla.suse.com/915913 SUSE Bug 915913 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. CVE-2014-0221 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-0221.html CVE-2014-0221 https://bugzilla.suse.com/880891 SUSE Bug 880891 https://bugzilla.suse.com/883126 SUSE Bug 883126 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/915913 SUSE Bug 915913 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. CVE-2014-0224 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-0224.html CVE-2014-0224 https://bugzilla.suse.com/1146657 SUSE Bug 1146657 https://bugzilla.suse.com/880891 SUSE Bug 880891 https://bugzilla.suse.com/883126 SUSE Bug 883126 https://bugzilla.suse.com/885777 SUSE Bug 885777 https://bugzilla.suse.com/892403 SUSE Bug 892403 https://bugzilla.suse.com/901237 SUSE Bug 901237 https://bugzilla.suse.com/905018 SUSE Bug 905018 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/914447 SUSE Bug 914447 https://bugzilla.suse.com/915913 SUSE Bug 915913 https://bugzilla.suse.com/916239 SUSE Bug 916239 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. CVE-2014-3470 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3470.html CVE-2014-3470 https://bugzilla.suse.com/880891 SUSE Bug 880891 https://bugzilla.suse.com/883126 SUSE Bug 883126 https://bugzilla.suse.com/885777 SUSE Bug 885777 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/915913 SUSE Bug 915913 Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. CVE-2014-3505 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3505.html CVE-2014-3505 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/890767 SUSE Bug 890767 https://bugzilla.suse.com/905106 SUSE Bug 905106 d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. CVE-2014-3506 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3506.html CVE-2014-3506 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/890768 SUSE Bug 890768 https://bugzilla.suse.com/905106 SUSE Bug 905106 Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. CVE-2014-3507 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3507.html CVE-2014-3507 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/890769 SUSE Bug 890769 https://bugzilla.suse.com/905106 SUSE Bug 905106 The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. CVE-2014-3508 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3508.html CVE-2014-3508 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/950708 SUSE Bug 950708 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. CVE-2014-3510 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3510.html CVE-2014-3510 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/890770 SUSE Bug 890770 https://bugzilla.suse.com/905106 SUSE Bug 905106 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. CVE-2014-3566 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3566.html CVE-2014-3566 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1031023 SUSE Bug 1031023 https://bugzilla.suse.com/901223 SUSE Bug 901223 https://bugzilla.suse.com/901254 SUSE Bug 901254 https://bugzilla.suse.com/901277 SUSE Bug 901277 https://bugzilla.suse.com/901748 SUSE Bug 901748 https://bugzilla.suse.com/901757 SUSE Bug 901757 https://bugzilla.suse.com/901759 SUSE Bug 901759 https://bugzilla.suse.com/901889 SUSE Bug 901889 https://bugzilla.suse.com/901968 SUSE Bug 901968 https://bugzilla.suse.com/902229 SUSE Bug 902229 https://bugzilla.suse.com/902476 SUSE Bug 902476 https://bugzilla.suse.com/902912 SUSE Bug 902912 https://bugzilla.suse.com/903405 SUSE Bug 903405 https://bugzilla.suse.com/903684 SUSE Bug 903684 https://bugzilla.suse.com/903690 SUSE Bug 903690 https://bugzilla.suse.com/903692 SUSE Bug 903692 https://bugzilla.suse.com/904889 SUSE Bug 904889 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/914041 SUSE Bug 914041 Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. CVE-2014-3567 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3567.html CVE-2014-3567 https://bugzilla.suse.com/877506 SUSE Bug 877506 https://bugzilla.suse.com/901277 SUSE Bug 901277 https://bugzilla.suse.com/902912 SUSE Bug 902912 https://bugzilla.suse.com/903690 SUSE Bug 903690 https://bugzilla.suse.com/903692 SUSE Bug 903692 https://bugzilla.suse.com/905106 SUSE Bug 905106 OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. CVE-2014-3568 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3568.html CVE-2014-3568 https://bugzilla.suse.com/901277 SUSE Bug 901277 https://bugzilla.suse.com/902912 SUSE Bug 902912 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/911399 SUSE Bug 911399 https://bugzilla.suse.com/986238 SUSE Bug 986238 The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. CVE-2014-3569 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 important 5.7 AV:N/AC:M/Au:M/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3569.html CVE-2014-3569 https://bugzilla.suse.com/911399 SUSE Bug 911399 https://bugzilla.suse.com/920339 SUSE Bug 920339 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/986238 SUSE Bug 986238 The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. CVE-2014-3570 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3570.html CVE-2014-3570 https://bugzilla.suse.com/912296 SUSE Bug 912296 https://bugzilla.suse.com/920339 SUSE Bug 920339 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/944456 SUSE Bug 944456 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. CVE-2014-3571 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3571.html CVE-2014-3571 https://bugzilla.suse.com/912294 SUSE Bug 912294 https://bugzilla.suse.com/920339 SUSE Bug 920339 https://bugzilla.suse.com/927623 SUSE Bug 927623 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. CVE-2014-3572 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-3572.html CVE-2014-3572 https://bugzilla.suse.com/912015 SUSE Bug 912015 https://bugzilla.suse.com/920339 SUSE Bug 920339 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. CVE-2014-8275 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2014-8275.html CVE-2014-8275 https://bugzilla.suse.com/911906 SUSE Bug 911906 https://bugzilla.suse.com/912018 SUSE Bug 912018 https://bugzilla.suse.com/920339 SUSE Bug 920339 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. CVE-2015-0204 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-0204.html CVE-2015-0204 https://bugzilla.suse.com/912014 SUSE Bug 912014 https://bugzilla.suse.com/920339 SUSE Bug 920339 https://bugzilla.suse.com/920482 SUSE Bug 920482 https://bugzilla.suse.com/920484 SUSE Bug 920484 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/936787 SUSE Bug 936787 https://bugzilla.suse.com/952088 SUSE Bug 952088 Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. CVE-2015-0209 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-0209.html CVE-2015-0209 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. CVE-2015-0286 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-0286.html CVE-2015-0286 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/922496 SUSE Bug 922496 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/951391 SUSE Bug 951391 The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. CVE-2015-0287 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-0287.html CVE-2015-0287 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/922499 SUSE Bug 922499 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937492 SUSE Bug 937492 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/940369 SUSE Bug 940369 https://bugzilla.suse.com/968888 SUSE Bug 968888 https://bugzilla.suse.com/991722 SUSE Bug 991722 The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. CVE-2015-0288 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-0288.html CVE-2015-0288 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/920236 SUSE Bug 920236 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/951391 SUSE Bug 951391 The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. CVE-2015-0289 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-0289.html CVE-2015-0289 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/922500 SUSE Bug 922500 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. CVE-2015-0293 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-0293.html CVE-2015-0293 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/922488 SUSE Bug 922488 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/968044 SUSE Bug 968044 https://bugzilla.suse.com/968051 SUSE Bug 968051 https://bugzilla.suse.com/968053 SUSE Bug 968053 https://bugzilla.suse.com/986238 SUSE Bug 986238 The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. CVE-2015-1788 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-1788.html CVE-2015-1788 https://bugzilla.suse.com/934487 SUSE Bug 934487 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/938432 SUSE Bug 938432 The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. CVE-2015-1789 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-1789.html CVE-2015-1789 https://bugzilla.suse.com/934489 SUSE Bug 934489 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/938432 SUSE Bug 938432 https://bugzilla.suse.com/951391 SUSE Bug 951391 The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. CVE-2015-1790 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-1790.html CVE-2015-1790 https://bugzilla.suse.com/934491 SUSE Bug 934491 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/938432 SUSE Bug 938432 Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. CVE-2015-1791 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-1791.html CVE-2015-1791 https://bugzilla.suse.com/933911 SUSE Bug 933911 https://bugzilla.suse.com/986238 SUSE Bug 986238 https://bugzilla.suse.com/989464 SUSE Bug 989464 The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. CVE-2015-1792 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-1792.html CVE-2015-1792 https://bugzilla.suse.com/934493 SUSE Bug 934493 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/986238 SUSE Bug 986238 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. CVE-2015-3195 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-3195.html CVE-2015-3195 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/957812 SUSE Bug 957812 https://bugzilla.suse.com/957815 SUSE Bug 957815 https://bugzilla.suse.com/958768 SUSE Bug 958768 https://bugzilla.suse.com/963977 SUSE Bug 963977 https://bugzilla.suse.com/986238 SUSE Bug 986238 ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. CVE-2015-3197 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2015-3197.html CVE-2015-3197 https://bugzilla.suse.com/963410 SUSE Bug 963410 https://bugzilla.suse.com/963415 SUSE Bug 963415 https://bugzilla.suse.com/968044 SUSE Bug 968044 https://bugzilla.suse.com/968046 SUSE Bug 968046 Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. CVE-2016-0797 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-0797.html CVE-2016-0797 https://bugzilla.suse.com/968044 SUSE Bug 968044 https://bugzilla.suse.com/968048 SUSE Bug 968048 https://bugzilla.suse.com/990370 SUSE Bug 990370 The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. CVE-2016-0799 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-0799.html CVE-2016-0799 https://bugzilla.suse.com/968044 SUSE Bug 968044 https://bugzilla.suse.com/968374 SUSE Bug 968374 https://bugzilla.suse.com/969517 SUSE Bug 969517 https://bugzilla.suse.com/989345 SUSE Bug 989345 https://bugzilla.suse.com/990370 SUSE Bug 990370 https://bugzilla.suse.com/991722 SUSE Bug 991722 The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. CVE-2016-0800 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8zh-14.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8zh-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://www.suse.com/security/cve/CVE-2016-0800.html CVE-2016-0800 https://bugzilla.suse.com/1106871 SUSE Bug 1106871 https://bugzilla.suse.com/961377 SUSE Bug 961377 https://bugzilla.suse.com/968044 SUSE Bug 968044 https://bugzilla.suse.com/968046 SUSE Bug 968046 https://bugzilla.suse.com/968888 SUSE Bug 968888 https://bugzilla.suse.com/979060 SUSE Bug 979060