Upstream information

CVE-2009-0591 at MITRE

Description

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having low severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 2.6
  • Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

SUSE Bugzilla entries: 489641 [RESOLVED / FIXED], 629905 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libopenssl0_9_8 >= 0.9.8j-59.11
  • libopenssl0_9_8-32bit >= 0.9.8j-59.11
  • libopenssl1_0_0 >= 1.0.1i-2.12
  • libopenssl1_0_0-32bit >= 1.0.1i-2.12
  • openssl >= 1.0.1i-2.12
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libopenssl0_9_8
SUSE Linux Enterprise Desktop 12 GA libopenssl1_0_0
SUSE Linux Enterprise Desktop 12 SP1
  • libopenssl0_9_8 >= 0.9.8j-81.1
  • libopenssl0_9_8-32bit >= 0.9.8j-81.1
  • libopenssl1_0_0 >= 1.0.1i-34.1
  • libopenssl1_0_0-32bit >= 1.0.1i-34.1
  • openssl >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libopenssl0_9_8
SUSE Linux Enterprise Desktop 12 SP1 GA libopenssl1_0_0
SUSE Linux Enterprise Desktop 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl0_9_8 >= 0.9.8j-102.1
  • libopenssl0_9_8-32bit >= 0.9.8j-102.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl0_9_8
SUSE Linux Enterprise Desktop 12 SP3
  • libopenssl-devel >= 1.0.2j-59.1
  • libopenssl0_9_8 >= 0.9.8j-105.1
  • libopenssl0_9_8-32bit >= 0.9.8j-105.1
  • libopenssl1_0_0 >= 1.0.2j-59.1
  • libopenssl1_0_0-32bit >= 1.0.2j-59.1
  • openssl >= 1.0.2j-59.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libopenssl-devel
SUSE Linux Enterprise Desktop 12 SP3 GA libopenssl0_9_8
SUSE Linux Enterprise Module for Basesystem 15
  • libopenssl-1_1-devel >= 1.1.0h-2.3
  • libopenssl-devel >= 1.1.0h-1.11
  • libopenssl1_1 >= 1.1.0h-2.3
  • libopenssl1_1-32bit >= 1.1.0h-2.3
  • libopenssl1_1-hmac >= 1.1.0h-2.3
  • libopenssl1_1-hmac-32bit >= 1.1.0h-2.3
  • openssl >= 1.1.0h-1.11
  • openssl-1_1 >= 1.1.0h-2.3
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA libopenssl-1_1-devel
SUSE Linux Enterprise Module for Basesystem 15 GA libopenssl-devel
SUSE Linux Enterprise Module for Legacy Software 12
  • libopenssl0_9_8 >= 0.9.8j-59.11
  • libopenssl0_9_8-32bit >= 0.9.8j-59.11
Patchnames:
SUSE Linux Enterprise Module for Legacy Software 12 GA libopenssl0_9_8
SUSE Linux Enterprise Module for Legacy Software 15
  • libopenssl-1_0_0-devel >= 1.0.2n-1.32
  • libopenssl1_0_0 >= 1.0.2n-1.32
  • openssl-1_0_0 >= 1.0.2n-1.32
Patchnames:
SUSE Linux Enterprise Module for Legacy Software 15 GA libopenssl-1_0_0-devel
SUSE Linux Enterprise Server 11
  • libopenssl0_9_8 >= 0.9.8h-30.12.1
  • libopenssl0_9_8-32bit >= 0.9.8h-30.12.1
  • libopenssl0_9_8-x86 >= 0.9.8h-30.13.1
  • openssl >= 0.9.8h-30.12.1
  • openssl-doc >= 0.9.8h-30.12.1
Patchnames:
slessp0-libopenssl-devel
SUSE Linux Enterprise Server 11 SP1
  • libopenssl0_9_8 >= 0.9.8h-30.27.11
  • libopenssl0_9_8-32bit >= 0.9.8h-30.27.11
  • libopenssl0_9_8-x86 >= 0.9.8h-30.27.11
  • openssl >= 0.9.8h-30.27.11
  • openssl-doc >= 0.9.8h-30.27.11
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.26.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.26.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.26.1
  • openssl >= 0.9.8j-0.26.1
  • openssl-doc >= 0.9.8j-0.26.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP3
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP4
  • libopenssl0_9_8 >= 0.9.8j-0.70.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.70.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.70.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.70.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.70.1
  • openssl >= 0.9.8j-0.70.1
  • openssl-doc >= 0.9.8j-0.70.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11-SECURITY
  • libopenssl1-devel >= 1.0.1g-0.12.1
  • libopenssl1_0_0 >= 1.0.1g-0.12.1
  • libopenssl1_0_0-32bit >= 1.0.1g-0.12.1
  • openssl1 >= 1.0.1g-0.12.1
  • openssl1-doc >= 1.0.1g-0.12.1
Patchnames:
SUSE Linux Enterprise Server 11-SECURITY GA libopenssl1-devel
SUSE Linux Enterprise Server 12
  • libopenssl1_0_0 >= 1.0.1i-2.7
  • libopenssl1_0_0-32bit >= 1.0.1i-2.12
  • libopenssl1_0_0-hmac >= 1.0.1i-2.7
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-2.12
  • openssl >= 1.0.1i-2.7
  • openssl-doc >= 1.0.1i-2.7
Patchnames:
SUSE Linux Enterprise Server 12 GA libopenssl1_0_0
SUSE Linux Enterprise Server 12 SP1
  • libopenssl1_0_0 >= 1.0.1i-34.1
  • libopenssl1_0_0-32bit >= 1.0.1i-34.1
  • libopenssl1_0_0-hmac >= 1.0.1i-34.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-34.1
  • openssl >= 1.0.1i-34.1
  • openssl-doc >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libopenssl1_0_0
SUSE Linux Enterprise Server 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
  • openssl-doc >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Server 12 SP3
  • libopenssl-devel >= 1.0.2j-59.1
  • libopenssl1_0_0 >= 1.0.2j-59.1
  • libopenssl1_0_0-32bit >= 1.0.2j-59.1
  • libopenssl1_0_0-hmac >= 1.0.2j-59.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-59.1
  • openssl >= 1.0.2j-59.1
  • openssl-doc >= 1.0.2j-59.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libopenssl-devel
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
  • openssl-doc >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Server for SAP Applications 11
  • libopenssl0_9_8 >= 0.9.8h-30.12.1
  • libopenssl0_9_8-32bit >= 0.9.8h-30.12.1
  • libopenssl0_9_8-x86 >= 0.9.8h-30.13.1
  • openssl >= 0.9.8h-30.12.1
  • openssl-doc >= 0.9.8h-30.12.1
Patchnames:
slessp0-libopenssl-devel
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libopenssl-devel >= 0.9.8j-0.70.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12
  • libopenssl-devel >= 1.0.1i-2.12
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libopenssl-devel >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libopenssl-devel >= 1.0.2j-59.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libopenssl-devel
openSUSE 11.1
  • openssl-debuginfo >= 0.9.8h-28.8.1
  • openssl-debugsource >= 0.9.8h-28.8.1
openSUSE 11.1
  • libopenssl-devel >= 0.9.8h-28.8.1
  • libopenssl0_9_8 >= 0.9.8h-28.8.1
  • libopenssl0_9_8-32bit >= 0.9.8h-28.8.1
  • libopenssl0_9_8-64bit >= 0.9.8h-28.8.1
  • openssl >= 0.9.8h-28.8.1
  • openssl-doc >= 0.9.8h-28.8.1
SUSE Linux Enterprise SDK 11 GA
  • libopenssl-devel >= 0.9.8h-30.12.1
sles11.s390x
sles11.x86-64
sle11-debuginfo.ppc
sles11.ppc
sles11.x86
sle11-debuginfo.s390x
sle11-sdk.ia64
sles11.ia64
sled11.x86
sle11-sdk.s390x
sle11-debuginfo.x86
sle11-debuginfo.x86-64
sled11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sle11-sdk.x86-64
sle11-debuginfo.ia64
SAT Patch Nr: 772
SUSE Linux Enterprise Desktop 11 GA
  • libopenssl0_9_8 >= 0.9.8h-30.12.1
  • openssl >= 0.9.8h-30.12.1
sles11.s390x
sles11.x86-64
sle11-debuginfo.ppc
sles11.ppc
sles11.x86
sle11-debuginfo.s390x
sle11-sdk.ia64
sles11.ia64
sled11.x86
sle11-sdk.s390x
sle11-debuginfo.x86
sle11-debuginfo.x86-64
sled11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sle11-sdk.x86-64
sle11-debuginfo.ia64
SAT Patch Nr: 772
SUSE Linux Enterprise Desktop 11 GA
  • libopenssl0_9_8 >= 0.9.8h-30.12.1
  • libopenssl0_9_8-32bit >= 0.9.8h-30.12.1
  • openssl >= 0.9.8h-30.12.1
sles11.s390x
sles11.x86-64
sle11-debuginfo.ppc
sles11.ppc
sles11.x86
sle11-debuginfo.s390x
sle11-sdk.ia64
sles11.ia64
sled11.x86
sle11-sdk.s390x
sle11-debuginfo.x86
sle11-debuginfo.x86-64
sled11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sle11-sdk.x86-64
sle11-debuginfo.ia64
SAT Patch Nr: 772
SUSE Linux Enterprise Server 11 GA
  • libopenssl0_9_8 >= 0.9.8h-30.12.1
  • openssl >= 0.9.8h-30.12.1
  • openssl-doc >= 0.9.8h-30.12.1
sles11.s390x
sles11.x86-64
sle11-debuginfo.ppc
sles11.ppc
sles11.x86
sle11-debuginfo.s390x
sle11-sdk.ia64
sles11.ia64
sled11.x86
sle11-sdk.s390x
sle11-debuginfo.x86
sle11-debuginfo.x86-64
sled11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sle11-sdk.x86-64
sle11-debuginfo.ia64
SAT Patch Nr: 772
SUSE Linux Enterprise Server 11 GA
  • libopenssl0_9_8 >= 0.9.8h-30.12.1
  • libopenssl0_9_8-x86 >= 0.9.8h-30.12.1
  • openssl >= 0.9.8h-30.12.1
  • openssl-doc >= 0.9.8h-30.12.1
sles11.s390x
sles11.x86-64
sle11-debuginfo.ppc
sles11.ppc
sles11.x86
sle11-debuginfo.s390x
sle11-sdk.ia64
sles11.ia64
sled11.x86
sle11-sdk.s390x
sle11-debuginfo.x86
sle11-debuginfo.x86-64
sled11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sle11-sdk.x86-64
sle11-debuginfo.ia64
SAT Patch Nr: 772
SUSE Linux Enterprise Server 11 GA
  • libopenssl0_9_8 >= 0.9.8h-30.12.1
  • libopenssl0_9_8-32bit >= 0.9.8h-30.12.1
  • openssl >= 0.9.8h-30.12.1
  • openssl-doc >= 0.9.8h-30.12.1
sles11.s390x
sles11.x86-64
sle11-debuginfo.ppc
sles11.ppc
sles11.x86
sle11-debuginfo.s390x
sle11-sdk.ia64
sles11.ia64
sled11.x86
sle11-sdk.s390x
sle11-debuginfo.x86
sle11-debuginfo.x86-64
sled11.x86-64
sle11-sdk.x86
sle11-sdk.ppc
sle11-sdk.x86-64
sle11-debuginfo.ia64
SAT Patch Nr: 772
openSUSE Leap 15.0
  • libopenssl1_0_0 >= 1.0.2n-lp150.1.25
  • libopenssl1_1 >= 1.1.0h-lp150.2.1
  • libopenssl1_1-32bit >= 1.1.0h-lp150.2.1
  • openssl >= 1.1.0h-lp150.1.1
  • openssl-1_1 >= 1.1.0h-lp150.2.1
Patchnames:
openSUSE Leap 15.0 GA libopenssl1_0_0
openSUSE Leap 15.0 GA libopenssl1_1
openSUSE Leap 15.0 GA openssl
openSUSE Leap 42.1
  • libopenssl-devel >= 1.0.1i-4.1
  • libopenssl1_0_0 >= 1.0.1i-4.1
  • libopenssl1_0_0-32bit >= 1.0.1i-4.1
  • openssl >= 1.0.1i-4.1
Patchnames:
openSUSE Leap 42.1 GA libopenssl-devel
openSUSE Leap 42.2
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • openssl >= 1.0.2j-2.2
Patchnames:
openSUSE Leap 42.2 GA libopenssl-devel
openSUSE Leap 42.3
  • libopenssl-devel >= 1.0.2j-7.3
  • libopenssl1_0_0 >= 1.0.2j-7.3
  • libopenssl1_0_0-32bit >= 1.0.2j-7.3
  • openssl >= 1.0.2j-7.3
Patchnames:
openSUSE Leap 42.3 GA libopenssl-devel
openSUSE Tumbleweed
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl-devel-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-steam >= 1.0.2h-4.1
  • libopenssl1_0_0-steam-32bit >= 1.0.2h-4.1
  • openssl >= 1.0.2j-2.2
  • openssl-doc >= 1.0.2j-2.2
Patchnames:
openSUSE Tumbleweed GA libopenssl-devel
openSUSE Tumbleweed GA libopenssl1_0_0-steam