CVE-2012-0050

Upstream information

CVE-2012-0050 at MITRE

Description

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.96
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entries: 739719 [RESOLVED / FIXED], 742821 [RESOLVED / FIXED], 758060 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2012:0281-1, published Sat Feb 18 02:08:25 MST 2012
SUSE-SU-2012:0282-1, published Sat Feb 18 03:08:11 MST 2012
SUSE-SU-2012:0674-1, published Wed, 30 May 2012 23:08:17 +0200 (CEST)
openSUSE-SU-2012:0266-1, published Fri, 17 Feb 2012 15:08:31 +0100 (CET)
openSUSE-SU-2013:0336-1, published Mon, 25 Feb 2013 11:04:39 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.4	`libopenssl-devel >= 1.0.0c-18.25.1` `libopenssl1_0_0 >= 1.0.0c-18.25.1` `libopenssl1_0_0-32bit >= 1.0.0c-18.25.1` `openssl >= 1.0.0c-18.25.1` `openssl-doc >= 1.0.0c-18.25.1`
SUSE Linux Enterprise Server 10 SP3 LTSS for x86	`openssl >= 0.9.8a-18.45.63.1` `openssl-devel >= 0.9.8a-18.45.63.1` `openssl-doc >= 0.9.8a-18.45.63.1`	Builds ZYPP Patch Nr: 8142
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit	`openssl >= 0.9.8a-18.45.63.1` `openssl-32bit >= 0.9.8a-18.45.63.1` `openssl-devel >= 0.9.8a-18.45.63.1` `openssl-devel-32bit >= 0.9.8a-18.45.63.1` `openssl-doc >= 0.9.8a-18.45.63.1`	Builds ZYPP Patch Nr: 8142
SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2	`libopenssl-devel >= 0.9.8j-0.28.1`	sles11-sp2.ia64 sles11-sp1.ia64 sles11-sp1-vmware.x86 sles11-sp1.ppc sles11-sp1-vmware.x86-64 sled11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ppc sles11-sp2.s390x sles11-sp1.x86 sles11-sp1.s390x sles11-sp2.ppc sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp2.x86 sles11-sp1.ia64 SAT Patch Nr: 5808
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`libopenssl0_9_8 >= 0.9.8j-0.28.1` `openssl >= 0.9.8j-0.28.1`	sles11-sp2.ia64 sles11-sp1.ia64 sles11-sp1-vmware.x86 sles11-sp1.ppc sles11-sp1-vmware.x86-64 sled11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ppc sles11-sp2.s390x sles11-sp1.x86 sles11-sp1.s390x sles11-sp2.ppc sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp2.x86 sles11-sp1.ia64 SAT Patch Nr: 5808
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`libopenssl0_9_8 >= 0.9.8j-0.28.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.28.1` `openssl >= 0.9.8j-0.28.1`	sles11-sp2.ia64 sles11-sp1.ia64 sles11-sp1-vmware.x86 sles11-sp1.ppc sles11-sp1-vmware.x86-64 sled11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ppc sles11-sp2.s390x sles11-sp1.x86 sles11-sp1.s390x sles11-sp2.ppc sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp2.x86 sles11-sp1.ia64 SAT Patch Nr: 5808
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`libopenssl0_9_8 >= 0.9.8j-0.28.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.28.1` `openssl >= 0.9.8j-0.28.1` `openssl-doc >= 0.9.8j-0.28.1`	sles11-sp2.ia64 sles11-sp1.ia64 sles11-sp1-vmware.x86 sles11-sp1.ppc sles11-sp1-vmware.x86-64 sled11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ppc sles11-sp2.s390x sles11-sp1.x86 sles11-sp1.s390x sles11-sp2.ppc sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp2.x86 sles11-sp1.ia64 SAT Patch Nr: 5808
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`libopenssl0_9_8 >= 0.9.8j-0.28.1` `openssl >= 0.9.8j-0.28.1` `openssl-doc >= 0.9.8j-0.28.1`	sles11-sp2.ia64 sles11-sp1.ia64 sles11-sp1-vmware.x86 sles11-sp1.ppc sles11-sp1-vmware.x86-64 sled11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ppc sles11-sp2.s390x sles11-sp1.x86 sles11-sp1.s390x sles11-sp2.ppc sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp2.x86 sles11-sp1.ia64 SAT Patch Nr: 5808
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2	`libopenssl0_9_8 >= 0.9.8j-0.28.1` `libopenssl0_9_8-x86 >= 0.9.8j-0.28.1` `openssl >= 0.9.8j-0.28.1` `openssl-doc >= 0.9.8j-0.28.1`	sles11-sp2.ia64 sles11-sp1.ia64 sles11-sp1-vmware.x86 sles11-sp1.ppc sles11-sp1-vmware.x86-64 sled11-sp2.x86-64 sles11-sp1.x86 sles11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ppc sles11-sp2.s390x sles11-sp1.x86 sles11-sp1.s390x sles11-sp2.ppc sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp2.x86 sles11-sp1.ia64 SAT Patch Nr: 5808
SUSE Linux Enterprise Desktop 10 SP4 for x86	`openssl >= 0.9.8a-18.60.3` `openssl-devel >= 0.9.8a-18.60.3`	sled10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.s390x sles10-sp4-debuginfo.x86-64 sles10-sp4-debuginfo.ppc sle10-sp4-sdk.s390x sles10-sp4.ia64 sles10-sp4.ppc sles10-sp4.x86-64 sle10-sp4-sdk.ppc sle10-sp4-sdk.ia64 sles10-sp4-debuginfo.ia64 sled10-sp4.x86-64 sles10-sp4.s390x sle10-sp4-sdk.x86 ZYPP Patch Nr: 7961
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T	`openssl >= 0.9.8a-18.60.3` `openssl-32bit >= 0.9.8a-18.60.3` `openssl-devel >= 0.9.8a-18.60.3` `openssl-devel-32bit >= 0.9.8a-18.60.3`	sled10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.s390x sles10-sp4-debuginfo.x86-64 sles10-sp4-debuginfo.ppc sle10-sp4-sdk.s390x sles10-sp4.ia64 sles10-sp4.ppc sles10-sp4.x86-64 sle10-sp4-sdk.ppc sle10-sp4-sdk.ia64 sles10-sp4-debuginfo.ia64 sled10-sp4.x86-64 sles10-sp4.s390x sle10-sp4-sdk.x86 ZYPP Patch Nr: 7961
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86	`openssl-doc >= 0.9.8a-18.60.3`	sled10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.s390x sles10-sp4-debuginfo.x86-64 sles10-sp4-debuginfo.ppc sle10-sp4-sdk.s390x sles10-sp4.ia64 sles10-sp4.ppc sles10-sp4.x86-64 sle10-sp4-sdk.ppc sle10-sp4-sdk.ia64 sles10-sp4-debuginfo.ia64 sled10-sp4.x86-64 sles10-sp4.s390x sle10-sp4-sdk.x86 ZYPP Patch Nr: 7961
SUSE Linux Enterprise Server 10 SP4 for x86	`openssl >= 0.9.8a-18.60.3` `openssl-devel >= 0.9.8a-18.60.3` `openssl-doc >= 0.9.8a-18.60.3`	sled10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.s390x sles10-sp4-debuginfo.x86-64 sles10-sp4-debuginfo.ppc sle10-sp4-sdk.s390x sles10-sp4.ia64 sles10-sp4.ppc sles10-sp4.x86-64 sle10-sp4-sdk.ppc sle10-sp4-sdk.ia64 sles10-sp4-debuginfo.ia64 sled10-sp4.x86-64 sles10-sp4.s390x sle10-sp4-sdk.x86 ZYPP Patch Nr: 7961
SUSE Linux Enterprise Server 10 SP4 for IPF	`openssl >= 0.9.8a-18.60.3` `openssl-devel >= 0.9.8a-18.60.3` `openssl-doc >= 0.9.8a-18.60.3` `openssl-x86 >= 0.9.8a-18.60.3`	sled10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.s390x sles10-sp4-debuginfo.x86-64 sles10-sp4-debuginfo.ppc sle10-sp4-sdk.s390x sles10-sp4.ia64 sles10-sp4.ppc sles10-sp4.x86-64 sle10-sp4-sdk.ppc sle10-sp4-sdk.ia64 sles10-sp4-debuginfo.ia64 sled10-sp4.x86-64 sles10-sp4.s390x sle10-sp4-sdk.x86 ZYPP Patch Nr: 7961
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`openssl >= 0.9.8a-18.60.3` `openssl-64bit >= 0.9.8a-18.60.3` `openssl-devel >= 0.9.8a-18.60.3` `openssl-devel-64bit >= 0.9.8a-18.60.3` `openssl-doc >= 0.9.8a-18.60.3`	sled10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.s390x sles10-sp4-debuginfo.x86-64 sles10-sp4-debuginfo.ppc sle10-sp4-sdk.s390x sles10-sp4.ia64 sles10-sp4.ppc sles10-sp4.x86-64 sle10-sp4-sdk.ppc sle10-sp4-sdk.ia64 sles10-sp4-debuginfo.ia64 sled10-sp4.x86-64 sles10-sp4.s390x sle10-sp4-sdk.x86 ZYPP Patch Nr: 7961
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`openssl >= 0.9.8a-18.60.3` `openssl-32bit >= 0.9.8a-18.60.3` `openssl-devel >= 0.9.8a-18.60.3` `openssl-devel-32bit >= 0.9.8a-18.60.3` `openssl-doc >= 0.9.8a-18.60.3`	sled10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.s390x sles10-sp4-debuginfo.x86-64 sles10-sp4-debuginfo.ppc sle10-sp4-sdk.s390x sles10-sp4.ia64 sles10-sp4.ppc sles10-sp4.x86-64 sle10-sp4-sdk.ppc sle10-sp4-sdk.ia64 sles10-sp4-debuginfo.ia64 sled10-sp4.x86-64 sles10-sp4.s390x sle10-sp4-sdk.x86 ZYPP Patch Nr: 7961
openSUSE 11.4	`libopenssl-devel >= 1.0.0c-18.25.1` `libopenssl0_9_8 >= 0.9.8m-6.7.1` `libopenssl0_9_8-32bit >= 0.9.8m-6.7.1` `libopenssl0_9_8-debuginfo >= 0.9.8m-6.7.1` `libopenssl0_9_8-debuginfo-32bit >= 0.9.8m-6.7.1` `libopenssl0_9_8-debugsource >= 0.9.8m-6.7.1` `libopenssl1_0_0 >= 1.0.0c-18.25.1` `libopenssl1_0_0-32bit >= 1.0.0c-18.25.1` `libopenssl1_0_0-debuginfo >= 1.0.0c-18.25.1` `libopenssl1_0_0-debuginfo-32bit >= 1.0.0c-18.25.1` `openssl >= 1.0.0c-18.25.1` `openssl-debuginfo >= 1.0.0c-18.25.1` `openssl-debugsource >= 1.0.0c-18.25.1` `openssl-doc >= 1.0.0c-18.25.1`	Patchnames: libopenssl-devel

CVE-2012-0050

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Services