Upstream information

CVE-2013-6450 at MITRE

Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.76
Vector AV:N/AC:M/Au:N/C:N/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 857203 [RESOLVED / FIXED], 861384 [RESOLVED / FIXED], 986238 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libopenssl1_0_0 >= 1.0.1i-2.12
  • libopenssl1_0_0-32bit >= 1.0.1i-2.12
  • openssl >= 1.0.1i-2.12
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libopenssl1_0_0
SUSE Linux Enterprise Desktop 12 SP1
  • libopenssl1_0_0 >= 1.0.1i-34.1
  • libopenssl1_0_0-32bit >= 1.0.1i-34.1
  • openssl >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libopenssl1_0_0
SUSE Linux Enterprise Desktop 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Server 12
  • libopenssl1_0_0 >= 1.0.1i-2.7
  • libopenssl1_0_0-32bit >= 1.0.1i-2.12
  • libopenssl1_0_0-hmac >= 1.0.1i-2.7
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-2.12
  • openssl >= 1.0.1i-2.7
  • openssl-doc >= 1.0.1i-2.7
Patchnames:
SUSE Linux Enterprise Server 12 GA libopenssl1_0_0
SUSE Linux Enterprise Server 12 SP1
  • libopenssl1_0_0 >= 1.0.1i-34.1
  • libopenssl1_0_0-32bit >= 1.0.1i-34.1
  • libopenssl1_0_0-hmac >= 1.0.1i-34.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-34.1
  • openssl >= 1.0.1i-34.1
  • openssl-doc >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libopenssl1_0_0
SUSE Linux Enterprise Server 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
  • openssl-doc >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12
  • libopenssl-devel >= 1.0.1i-2.12
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libopenssl-devel >= 1.0.1i-34.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libopenssl-devel
openSUSE 12.3
  • libopenssl-devel >= 1.0.1e-1.21.1
  • libopenssl-devel-32bit >= 1.0.1e-1.21.1
  • libopenssl1_0_0 >= 1.0.1e-1.21.1
  • libopenssl1_0_0-32bit >= 1.0.1e-1.21.1
  • libopenssl1_0_0-debuginfo >= 1.0.1e-1.21.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1e-1.21.1
  • openssl >= 1.0.1e-1.21.1
  • openssl-debuginfo >= 1.0.1e-1.21.1
  • openssl-debugsource >= 1.0.1e-1.21.1
  • openssl-doc >= 1.0.1e-1.21.1
Patchnames:
openSUSE-2014-27
openSUSE 13.1
  • libopenssl-devel >= 1.0.1e-11.9.1
  • libopenssl-devel-32bit >= 1.0.1e-11.9.1
  • libopenssl1_0_0 >= 1.0.1e-11.9.1
  • libopenssl1_0_0-32bit >= 1.0.1e-11.9.1
  • libopenssl1_0_0-debuginfo >= 1.0.1e-11.9.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1e-11.9.1
  • openssl >= 1.0.1e-11.9.1
  • openssl-debuginfo >= 1.0.1e-11.9.1
  • openssl-debugsource >= 1.0.1e-11.9.1
  • openssl-doc >= 1.0.1e-11.9.1
Patchnames:
openSUSE-2014-27
openSUSE 13.2
  • libopenssl-devel >= 1.0.1i-2.1.4
  • libopenssl1_0_0 >= 1.0.1i-2.1.4
  • libopenssl1_0_0-32bit >= 1.0.1i-2.1.4
  • openssl >= 1.0.1i-2.1.4
Patchnames:
openSUSE 13.2 GA libopenssl-devel
openSUSE Evergreen 11.4
  • libopenssl-devel >= 1.0.0l-18.49.1
  • libopenssl1_0_0 >= 1.0.0l-18.49.1
  • libopenssl1_0_0-32bit >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo-x86 >= 1.0.0l-18.49.1
  • libopenssl1_0_0-x86 >= 1.0.0l-18.49.1
  • openssl >= 1.0.0l-18.49.1
  • openssl-debuginfo >= 1.0.0l-18.49.1
  • openssl-debugsource >= 1.0.0l-18.49.1
  • openssl-doc >= 1.0.0l-18.49.1
Patchnames:
2014-6
openSUSE Leap 42.1
  • libopenssl-devel >= 1.0.1i-4.1
  • libopenssl1_0_0 >= 1.0.1i-4.1
  • libopenssl1_0_0-32bit >= 1.0.1i-4.1
  • openssl >= 1.0.1i-4.1
Patchnames:
openSUSE Leap 42.1 GA libopenssl-devel
openSUSE Leap 42.2
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • openssl >= 1.0.2j-2.2
Patchnames:
openSUSE Leap 42.2 GA libopenssl-devel
openSUSE Tumbleweed
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl-devel-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-steam >= 1.0.2h-4.1
  • libopenssl1_0_0-steam-32bit >= 1.0.2h-4.1
  • openssl >= 1.0.2j-2.2
  • openssl-doc >= 1.0.2j-2.2
Patchnames:
openSUSE Tumbleweed GA libopenssl-devel
openSUSE Tumbleweed GA libopenssl1_0_0-steam