Upstream information

CVE-2006-7250 at MITRE

Description

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.96
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 748738 [RESOLVED / FIXED], 883307 [ASSIGNED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libopenssl0_9_8 >= 0.9.8j-59.11
  • libopenssl0_9_8-32bit >= 0.9.8j-59.11
  • libopenssl1_0_0 >= 1.0.1i-2.12
  • libopenssl1_0_0-32bit >= 1.0.1i-2.12
  • openssl >= 1.0.1i-2.12
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libopenssl0_9_8
SUSE Linux Enterprise Desktop 12 GA libopenssl1_0_0
SUSE Linux Enterprise Desktop 12 SP1
  • libopenssl0_9_8 >= 0.9.8j-81.1
  • libopenssl0_9_8-32bit >= 0.9.8j-81.1
  • libopenssl1_0_0 >= 1.0.1i-34.1
  • libopenssl1_0_0-32bit >= 1.0.1i-34.1
  • openssl >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libopenssl0_9_8
SUSE Linux Enterprise Desktop 12 SP1 GA libopenssl1_0_0
SUSE Linux Enterprise Desktop 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl0_9_8 >= 0.9.8j-102.1
  • libopenssl0_9_8-32bit >= 0.9.8j-102.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl0_9_8
SUSE Linux Enterprise Module for Legacy Software 12
  • libopenssl0_9_8 >= 0.9.8j-59.11
  • libopenssl0_9_8-32bit >= 0.9.8j-59.11
Patchnames:
SUSE Linux Enterprise Module for Legacy Software 12 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP3
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP4
  • libopenssl0_9_8 >= 0.9.8j-0.70.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.70.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.70.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.70.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.70.1
  • openssl >= 0.9.8j-0.70.1
  • openssl-doc >= 0.9.8j-0.70.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libopenssl0_9_8
SUSE Linux Enterprise Server 12
  • libopenssl1_0_0 >= 1.0.1i-2.7
  • libopenssl1_0_0-32bit >= 1.0.1i-2.12
  • libopenssl1_0_0-hmac >= 1.0.1i-2.7
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-2.12
  • openssl >= 1.0.1i-2.7
  • openssl-doc >= 1.0.1i-2.7
Patchnames:
SUSE Linux Enterprise Server 12 GA libopenssl1_0_0
SUSE Linux Enterprise Server 12 SP1
  • libopenssl1_0_0 >= 1.0.1i-34.1
  • libopenssl1_0_0-32bit >= 1.0.1i-34.1
  • libopenssl1_0_0-hmac >= 1.0.1i-34.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-34.1
  • openssl >= 1.0.1i-34.1
  • openssl-doc >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libopenssl1_0_0
SUSE Linux Enterprise Server 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
  • openssl-doc >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
  • openssl-doc >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libopenssl-devel >= 0.9.8j-0.70.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12
  • libopenssl-devel >= 1.0.1i-2.12
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libopenssl-devel >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libopenssl-devel >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
  • openssl-doc >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
  • openssl-doc >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
  • openssl-doc >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • openssl >= 0.9.8a-18.45.63.1
  • openssl-devel >= 0.9.8a-18.45.63.1
  • openssl-doc >= 0.9.8a-18.45.63.1
Builds
ZYPP Patch Nr: 8142
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • openssl >= 0.9.8a-18.45.63.1
  • openssl-32bit >= 0.9.8a-18.45.63.1
  • openssl-devel >= 0.9.8a-18.45.63.1
  • openssl-devel-32bit >= 0.9.8a-18.45.63.1
  • openssl-doc >= 0.9.8a-18.45.63.1
Builds
ZYPP Patch Nr: 8142
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • openssl >= 0.9.8a-18.64.3
  • openssl-devel >= 0.9.8a-18.64.3
Builds
ZYPP Patch Nr: 8034
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
  • openssl >= 0.9.8a-18.64.3
  • openssl-32bit >= 0.9.8a-18.64.3
  • openssl-devel >= 0.9.8a-18.64.3
  • openssl-devel-32bit >= 0.9.8a-18.64.3
Builds
ZYPP Patch Nr: 8034
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
  • openssl-doc >= 0.9.8a-18.64.3
Builds
ZYPP Patch Nr: 8034
SUSE Linux Enterprise Server 10 SP4 for x86
  • openssl >= 0.9.8a-18.64.3
  • openssl-devel >= 0.9.8a-18.64.3
  • openssl-doc >= 0.9.8a-18.64.3
Builds
ZYPP Patch Nr: 8034
SUSE Linux Enterprise Server 10 SP4 for IPF
  • openssl >= 0.9.8a-18.64.3
  • openssl-devel >= 0.9.8a-18.64.3
  • openssl-doc >= 0.9.8a-18.64.3
  • openssl-x86 >= 0.9.8a-18.64.3
Builds
ZYPP Patch Nr: 8034
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
  • openssl >= 0.9.8a-18.64.3
  • openssl-64bit >= 0.9.8a-18.64.3
  • openssl-devel >= 0.9.8a-18.64.3
  • openssl-devel-64bit >= 0.9.8a-18.64.3
  • openssl-doc >= 0.9.8a-18.64.3
Builds
ZYPP Patch Nr: 8034
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
  • openssl >= 0.9.8a-18.64.3
  • openssl-32bit >= 0.9.8a-18.64.3
  • openssl-devel >= 0.9.8a-18.64.3
  • openssl-devel-32bit >= 0.9.8a-18.64.3
  • openssl-doc >= 0.9.8a-18.64.3
Builds
ZYPP Patch Nr: 8034
openSUSE 11.4
  • libopenssl-devel >= 1.0.0c-18.34.1
  • libopenssl1_0_0 >= 1.0.0c-18.34.1
  • libopenssl1_0_0-32bit >= 1.0.0c-18.34.1
  • libopenssl1_0_0-debuginfo >= 1.0.0c-18.34.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.0c-18.34.1
  • openssl >= 1.0.0c-18.34.1
  • openssl-debuginfo >= 1.0.0c-18.34.1
  • openssl-debugsource >= 1.0.0c-18.34.1
  • openssl-doc >= 1.0.0c-18.34.1
Patchnames:
openSUSE-2012-174
openSUSE 13.2
  • libopenssl-devel >= 1.0.1i-2.1.4
  • libopenssl1_0_0 >= 1.0.1i-2.1.4
  • libopenssl1_0_0-32bit >= 1.0.1i-2.1.4
  • openssl >= 1.0.1i-2.1.4
Patchnames:
openSUSE 13.2 GA libopenssl-devel
openSUSE Leap 42.1
  • libopenssl-devel >= 1.0.1i-4.1
  • libopenssl1_0_0 >= 1.0.1i-4.1
  • libopenssl1_0_0-32bit >= 1.0.1i-4.1
  • openssl >= 1.0.1i-4.1
Patchnames:
openSUSE Leap 42.1 GA libopenssl-devel
openSUSE Leap 42.2
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • openssl >= 1.0.2j-2.2
Patchnames:
openSUSE Leap 42.2 GA libopenssl-devel
openSUSE Tumbleweed
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl-devel-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-steam >= 1.0.2h-4.1
  • libopenssl1_0_0-steam-32bit >= 1.0.2h-4.1
  • openssl >= 1.0.2j-2.2
  • openssl-doc >= 1.0.2j-2.2
Patchnames:
openSUSE Tumbleweed GA libopenssl-devel
openSUSE Tumbleweed GA libopenssl1_0_0-steam