Upstream information

CVE-2016-0800 at MITRE

Description

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 4.30
  • Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
CVSS v3 Scores (National Vulnerability Database)
  • Base Score: 5.9
  • Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Access Vector: Network
  • Access Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
SUSE Bugzilla entries: 961377, 968044 [RESOLVED / FIXED], 968046 [RESOLVED / FIXED], 968888 [RESOLVED / FIXED], 979060 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP4
  • compat-openssl097g >= 0.9.7g-146.22.41.1
  • compat-openssl097g-32bit >= 0.9.7g-146.22.41.1
  • libopenssl0_9_8 >= 0.9.8j-0.89.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.89.1
  • openssl >= 0.9.8j-0.89.1
Patchnames:
sledsp4-compat-openssl097g-12436
sledsp4-openssl-12434
SUSE Linux Enterprise Desktop 12
  • compat-openssl098 >= 0.9.8j-94.1
  • libopenssl0_9_8 >= 0.9.8j-94.1
  • libopenssl0_9_8-32bit >= 0.9.8j-94.1
  • libopenssl1_0_0 >= 1.0.1i-27.13.1
  • libopenssl1_0_0-32bit >= 1.0.1i-27.13.1
  • openssl >= 1.0.1i-27.13.1
Patchnames:
SUSE-SLE-DESKTOP-12-2016-352
SUSE-SLE-DESKTOP-12-2016-367
SUSE Linux Enterprise Desktop 12 SP1
  • compat-openssl098 >= 0.9.8j-94.1
  • libopenssl0_9_8 >= 0.9.8j-94.1
  • libopenssl0_9_8-32bit >= 0.9.8j-94.1
  • libopenssl1_0_0 >= 1.0.1i-44.1
  • libopenssl1_0_0-32bit >= 1.0.1i-44.1
  • openssl >= 1.0.1i-44.1
Patchnames:
SUSE-SLE-DESKTOP-12-SP1-2016-353
SUSE-SLE-DESKTOP-12-SP1-2016-367
SUSE Linux Enterprise Desktop 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl0_9_8 >= 0.9.8j-102.1
  • libopenssl0_9_8-32bit >= 0.9.8j-102.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl0_9_8
SUSE Linux Enterprise Module for Containers 12
  • sles11sp4-docker-image >= 1.1.1-20160304104123
  • sles12-docker-image >= 1.1.1-20160307082632
  • sles12sp1-docker-image >= 1.0.4-20160308170633
Patchnames:
SUSE-SLE-Module-Containers-12-2016-440
SUSE-SLE-Module-Containers-12-2016-457
SUSE-SLE-Module-Containers-12-2016-459
SUSE Linux Enterprise Module for Legacy Software 12
  • compat-openssl098 >= 0.9.8j-94.1
  • libopenssl0_9_8 >= 0.9.8j-94.1
  • libopenssl0_9_8-32bit >= 0.9.8j-94.1
Patchnames:
SUSE-SLE-Module-Legacy-12-2016-367
SUSE Linux Enterprise Server 11 SP2-LTSS
  • libopenssl-devel >= 0.9.8j-0.89.1
  • libopenssl0_9_8 >= 0.9.8j-0.89.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.89.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.89.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.89.1
  • openssl >= 0.9.8j-0.89.1
  • openssl-doc >= 0.9.8j-0.89.1
Patchnames:
slessp2-openssl-12434
SUSE Linux Enterprise Server 11 SP3-LTSS
  • libopenssl0_9_8 >= 0.9.8j-0.89.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.89.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.89.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.89.1
  • openssl >= 0.9.8j-0.89.1
  • openssl-doc >= 0.9.8j-0.89.1
Patchnames:
slessp3-openssl-12434
SUSE Linux Enterprise Server 11 SP4
  • libopenssl0_9_8 >= 0.9.8j-0.89.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.89.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.89.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.89.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.89.1
  • openssl >= 0.9.8j-0.89.1
  • openssl-doc >= 0.9.8j-0.89.1
Patchnames:
slessp4-openssl-12434
SUSE Linux Enterprise Server 11-SECURITY
  • libopenssl1-devel >= 1.0.1g-0.40.1
  • libopenssl1_0_0 >= 1.0.1g-0.40.1
  • libopenssl1_0_0-32bit >= 1.0.1g-0.40.1
  • libopenssl1_0_0-x86 >= 1.0.1g-0.40.1
  • openssl1 >= 1.0.1g-0.40.1
  • openssl1-doc >= 1.0.1g-0.40.1
Patchnames:
secsp3-openssl1-12429
SUSE Linux Enterprise Server 12
  • libopenssl1_0_0 >= 1.0.1i-27.13.1
  • libopenssl1_0_0-32bit >= 1.0.1i-27.13.1
  • libopenssl1_0_0-hmac >= 1.0.1i-27.13.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-27.13.1
  • openssl >= 1.0.1i-27.13.1
  • openssl-doc >= 1.0.1i-27.13.1
Patchnames:
SUSE-SLE-SERVER-12-2016-352
SUSE Linux Enterprise Server 12 SP1
  • libopenssl1_0_0 >= 1.0.1i-44.1
  • libopenssl1_0_0-32bit >= 1.0.1i-44.1
  • libopenssl1_0_0-hmac >= 1.0.1i-44.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-44.1
  • openssl >= 1.0.1i-44.1
  • openssl-doc >= 1.0.1i-44.1
Patchnames:
SUSE-SLE-SERVER-12-SP1-2016-353
SUSE Linux Enterprise Server 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-32bit >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
  • openssl-doc >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
  • libopenssl1_0_0 >= 1.0.2j-55.1
  • libopenssl1_0_0-hmac >= 1.0.2j-55.1
  • openssl >= 1.0.2j-55.1
  • openssl-doc >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libopenssl-devel >= 0.9.8j-0.89.1
  • openssl >= 0.9.8j-0.89.1
Patchnames:
sdksp4-openssl-12434
SUSE Linux Enterprise Software Development Kit 12
  • libopenssl-devel >= 1.0.1i-27.13.1
  • openssl >= 1.0.1i-27.13.1
Patchnames:
SUSE-SLE-SDK-12-2016-352
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libopenssl-devel >= 1.0.1i-44.1
  • openssl >= 1.0.1i-44.1
Patchnames:
SUSE-SLE-SDK-12-SP1-2016-353
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libopenssl-devel >= 1.0.2j-55.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise for SAP 11 SP4
  • compat-openssl097g >= 0.9.7g-146.22.41.1
  • compat-openssl097g-32bit >= 0.9.7g-146.22.41.1
Patchnames:
slesappsp4-compat-openssl097g-12436
SUSE Linux Enterprise for SAP 12 SP1
  • compat-openssl098 >= 0.9.8j-94.1
  • libopenssl0_9_8 >= 0.9.8j-94.1
Patchnames:
SUSE-SLE-SAP-12-SP1-2016-367
SUSE Manager 2.1
  • libopenssl-devel >= 0.9.8j-0.91.1
  • libopenssl0_9_8 >= 0.9.8j-0.91.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.91.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.91.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.91.1
  • openssl >= 0.9.8j-0.91.1
  • openssl-doc >= 0.9.8j-0.91.1
Patchnames:
sleman21-openssl-12511
SUSE Manager Proxy 2.1
  • libopenssl-devel >= 0.9.8j-0.91.1
  • libopenssl0_9_8 >= 0.9.8j-0.91.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.91.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.91.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.91.1
  • openssl >= 0.9.8j-0.91.1
  • openssl-doc >= 0.9.8j-0.91.1
Patchnames:
slemap21-openssl-12511
SUSE OpenStack Cloud 5
  • libopenssl-devel >= 0.9.8j-0.91.1
  • libopenssl0_9_8 >= 0.9.8j-0.91.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.91.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.91.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.91.1
  • openssl >= 0.9.8j-0.91.1
  • openssl-doc >= 0.9.8j-0.91.1
Patchnames:
sleclo50sp3-openssl-12511
SUSE Studio Onsite 1.3
  • libopenssl-devel >= 0.9.8j-0.89.1
  • openssl >= 0.9.8j-0.89.1
Patchnames:
slestso13-openssl-12434
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • openssl >= 0.9.8a-18.94.2
  • openssl-devel >= 0.9.8a-18.94.2
  • openssl-doc >= 0.9.8a-18.94.2
Builds
ZYPP Patch Nr: 9235
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • openssl >= 0.9.8a-18.94.2
  • openssl-32bit >= 0.9.8a-18.94.2
  • openssl-devel >= 0.9.8a-18.94.2
  • openssl-devel-32bit >= 0.9.8a-18.94.2
  • openssl-doc >= 0.9.8a-18.94.2
Builds
ZYPP Patch Nr: 9235
openSUSE 13.1
  • libopenssl-devel >= 1.0.1k-11.84.1
  • libopenssl-devel-32bit >= 1.0.1k-11.84.1
  • libopenssl0_9_8 >= 0.9.8zh-5.3.1
  • libopenssl0_9_8-32bit >= 0.9.8zh-5.3.1
  • libopenssl0_9_8-debuginfo >= 0.9.8zh-5.3.1
  • libopenssl0_9_8-debuginfo-32bit >= 0.9.8zh-5.3.1
  • libopenssl0_9_8-debugsource >= 0.9.8zh-5.3.1
  • libopenssl1_0_0 >= 1.0.1k-11.84.1
  • libopenssl1_0_0-32bit >= 1.0.1k-11.84.1
  • libopenssl1_0_0-debuginfo >= 1.0.1k-11.84.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1k-11.84.1
  • openssl >= 1.0.1k-11.84.1
  • openssl-debuginfo >= 1.0.1k-11.84.1
  • openssl-debugsource >= 1.0.1k-11.84.1
  • openssl-doc >= 1.0.1k-11.84.1
Patchnames:
2016-292
2016-563
openSUSE 13.2
  • libopenssl-devel >= 1.0.1k-2.33.1
  • libopenssl-devel-32bit >= 1.0.1k-2.33.1
  • libopenssl0_9_8 >= 0.9.8zh-9.3.1
  • libopenssl0_9_8-32bit >= 0.9.8zh-9.3.1
  • libopenssl0_9_8-debuginfo >= 0.9.8zh-9.3.1
  • libopenssl0_9_8-debuginfo-32bit >= 0.9.8zh-9.3.1
  • libopenssl0_9_8-debugsource >= 0.9.8zh-9.3.1
  • libopenssl1_0_0 >= 1.0.1k-2.33.1
  • libopenssl1_0_0-32bit >= 1.0.1k-2.33.1
  • libopenssl1_0_0-debuginfo >= 1.0.1k-2.33.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1k-2.33.1
  • libopenssl1_0_0-hmac >= 1.0.1k-2.33.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.1k-2.33.1
  • openssl >= 1.0.1k-2.33.1
  • openssl-debuginfo >= 1.0.1k-2.33.1
  • openssl-debugsource >= 1.0.1k-2.33.1
  • openssl-doc >= 1.0.1k-2.33.1
Patchnames:
openSUSE-2016-288
openSUSE-2016-294
openSUSE Evergreen 11.4
  • libopenssl-devel >= 1.0.1p-71.1
  • libopenssl-devel-32bit >= 1.0.1p-71.1
  • libopenssl0_9_8 >= 0.9.8zh-14.1
  • libopenssl0_9_8-32bit >= 0.9.8zh-14.1
  • libopenssl0_9_8-debuginfo >= 0.9.8zh-14.1
  • libopenssl0_9_8-debuginfo-32bit >= 0.9.8zh-14.1
  • libopenssl0_9_8-debuginfo-x86 >= 0.9.8zh-14.1
  • libopenssl0_9_8-debugsource >= 0.9.8zh-14.1
  • libopenssl0_9_8-x86 >= 0.9.8zh-14.1
  • libopenssl1_0_0 >= 1.0.1p-71.1
  • libopenssl1_0_0-32bit >= 1.0.1p-71.1
  • libopenssl1_0_0-debuginfo >= 1.0.1p-71.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1p-71.1
  • libopenssl1_0_0-debuginfo-x86 >= 1.0.1p-71.1
  • libopenssl1_0_0-x86 >= 1.0.1p-71.1
  • openssl >= 1.0.1p-71.1
  • openssl-debuginfo >= 1.0.1p-71.1
  • openssl-debugsource >= 1.0.1p-71.1
  • openssl-doc >= 1.0.1p-71.1
Patchnames:
2016-293
2016-563
openSUSE Leap 42.1
  • compat-openssl098 >= 0.9.8j-9.1
  • compat-openssl098-debugsource >= 0.9.8j-9.1
  • libopenssl-devel >= 1.0.1i-12.1
  • libopenssl-devel-32bit >= 1.0.1i-12.1
  • libopenssl0_9_8 >= 0.9.8j-9.1
  • libopenssl0_9_8-32bit >= 0.9.8j-9.1
  • libopenssl0_9_8-debuginfo >= 0.9.8j-9.1
  • libopenssl0_9_8-debuginfo-32bit >= 0.9.8j-9.1
  • libopenssl0_9_8-debugsource >= 0.9.8zh-14.1
  • libopenssl1_0_0 >= 1.0.1i-12.1
  • libopenssl1_0_0-32bit >= 1.0.1i-12.1
  • libopenssl1_0_0-debuginfo >= 1.0.1i-12.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1i-12.1
  • libopenssl1_0_0-hmac >= 1.0.1i-12.1
  • libopenssl1_0_0-hmac-32bit >= 1.0.1i-12.1
  • openssl >= 1.0.1i-12.1
  • openssl-debuginfo >= 1.0.1i-12.1
  • openssl-debugsource >= 1.0.1i-12.1
  • openssl-doc >= 1.0.1i-12.1
Patchnames:
openSUSE-2016-289
openSUSE-2016-294
openSUSE-2016-327
openSUSE Leap 42.2
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • openssl >= 1.0.2j-2.2
Patchnames:
openSUSE Leap 42.2 GA libopenssl-devel
openSUSE Tumbleweed
  • libopenssl-devel >= 1.0.2j-2.2
  • libopenssl-devel-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0 >= 1.0.2j-2.2
  • libopenssl1_0_0-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac >= 1.0.2j-2.2
  • libopenssl1_0_0-hmac-32bit >= 1.0.2j-2.2
  • libopenssl1_0_0-steam >= 1.0.2h-4.1
  • libopenssl1_0_0-steam-32bit >= 1.0.2h-4.1
  • openssl >= 1.0.2j-2.2
  • openssl-doc >= 1.0.2j-2.2
Patchnames:
openSUSE Tumbleweed GA libopenssl-devel
openSUSE Tumbleweed GA libopenssl1_0_0-steam