Upstream information

CVE-2006-3738 at MITRE

Description

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 10
  • Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

SUSE Bugzilla entries: 202366 [RESOLVED / FIXED], 207635 [RESOLVED / FIXED], 215623 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libopenssl0_9_8 >= 0.9.8h-30.27.11
  • libopenssl0_9_8-32bit >= 0.9.8h-30.27.11
  • libopenssl0_9_8-x86 >= 0.9.8h-30.27.11
  • openssl >= 0.9.8h-30.27.11
  • openssl-doc >= 0.9.8h-30.27.11
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.26.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.26.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.26.1
  • openssl >= 0.9.8j-0.26.1
  • openssl-doc >= 0.9.8j-0.26.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP3
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP4
  • libopenssl0_9_8 >= 0.9.8j-0.70.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.70.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.70.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.70.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.70.1
  • openssl >= 0.9.8j-0.70.1
  • openssl-doc >= 0.9.8j-0.70.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libopenssl0_9_8
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libopenssl-devel >= 0.9.8j-0.70.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libopenssl-devel
SUSE LINUX 10.0
  • compat-openssl096g >= 0.9.6g-4.2
SUSE LINUX 9.2
  • compat-openssl096g >= 0.9.6g-2.2
SUSE LINUX 9.3
  • compat-openssl096g >= 0.9.6g-3.2
SuSE Linux Desktop 1.0
  • openssl >= 0.9.6g-139
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
ZYPP Patch Nr: 2141
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • openssl >= 0.9.6g-138
  • openssl-devel >= 0.9.6g-138
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
ZYPP Patch Nr: 2141
SuSE Linux Enterprise Server 8 for IBM zSeries
  • openssl >= 0.9.6g-139
  • openssl-devel >= 0.9.6g-139
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • openssl >= 0.9.7d-15.29
  • openssl-devel >= 0.9.7d-15.29
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86_64
  • openssl >= 0.9.7d-15.29
  • openssl-32bit >= 9-200609270654
  • openssl-devel >= 0.9.7d-15.29
  • openssl-devel-32bit >= 9-200609270654
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
ZYPP Patch Nr: 2141
SUSE LINUX 10.1
  • compat-openssl097g >= 0.9.7g-13.5
  • compat-openssl097g-32bit >= 0.9.7g-13.5
  • compat-openssl097g-64bit >= 0.9.7g-13.5
SuSE Linux Enterprise Server 8 for IBM zSeries
  • openssl-z990 >= 0.9.7c-9
ul1.s390
YOU Patch Nr: 11271
SUSE LINUX 10.0
  • openssl >= 0.9.7g-2.10
  • openssl-32bit >= 0.9.7g-2.10
  • openssl-64bit >= 0.9.7g-2.10
  • openssl-devel >= 0.9.7g-2.10
  • openssl-devel-32bit >= 0.9.7g-2.10
  • openssl-devel-64bit >= 0.9.7g-2.10
SUSE LINUX 10.1
  • openssl >= 0.9.8a-18.10
  • openssl-32bit >= 0.9.8a-18.10
  • openssl-64bit >= 0.9.8a-18.10
  • openssl-devel >= 0.9.8a-18.10
  • openssl-devel-32bit >= 0.9.8a-18.10
  • openssl-devel-64bit >= 0.9.8a-18.10
SUSE LINUX 9.2
  • openssl >= 0.9.7d-25.6
  • openssl-32bit >= 9.2-200609270647
  • openssl-devel >= 0.9.7d-25.6
  • openssl-devel-32bit >= 9.2-200609270647
SUSE LINUX 9.3
  • openssl >= 0.9.7e-3.6
  • openssl-32bit >= 9.3-7.3
  • openssl-devel >= 0.9.7e-3.6
  • openssl-devel-32bit >= 9.3-7.3