CVE-2016-0800

Upstream information

CVE-2016-0800 at MITRE

Description

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.30
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

CVSS v3 Scores
	National Vulnerability Database
Base Score	5.9
Vector	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Access Vector	Network
Access Complexity	High
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	None
Availability Impact	None

SUSE Bugzilla entries: 961377, 968044 [RESOLVED / FIXED], 968046 [RESOLVED / FIXED], 968888 [RESOLVED / FIXED], 979060 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2016:0617-1, published Tue, 1 Mar 2016 18:12:06 +0100 (CET)
SUSE-SU-2016:0620-1, published Tue, 1 Mar 2016 18:16:02 +0100 (CET)
SUSE-SU-2016:0621-1, published Tue, 1 Mar 2016 18:19:06 +0100 (CET)
SUSE-SU-2016:0624-1, published Tue, 1 Mar 2016 19:12:02 +0100 (CET)
SUSE-SU-2016:0631-1, published Wed, 2 Mar 2016 18:12:06 +0100 (CET)
SUSE-SU-2016:0641-1, published Thu, 3 Mar 2016 15:11:31 +0100 (CET)
SUSE-SU-2016:0678-1, published Mon, 7 Mar 2016 18:13:37 +0100 (CET)
SUSE-SU-2016:0748-1, published Mon, 14 Mar 2016 18:13:37 +0100 (CET)
SUSE-SU-2016:0778-1, published Tue, 15 Mar 2016 21:11:47 +0100 (CET)
SUSE-SU-2016:0786-1, published Wed, 16 Mar 2016 15:28:52 +0100 (CET)
SUSE-SU-2016:1057-1, published Fri, 15 Apr 2016 21:09:44 +0200 (CEST)
TID7017297, published Wed Mar 2 01:10:35 CET 2016
openSUSE-SU-2016:0627-1, published Wed, 2 Mar 2016 12:11:42 +0100 (CET)
openSUSE-SU-2016:0628-1, published Wed, 2 Mar 2016 14:11:45 +0100 (CET)
openSUSE-SU-2016:0637-1, published Wed, 2 Mar 2016 23:12:04 +0100 (CET)
openSUSE-SU-2016:0640-1, published Thu, 3 Mar 2016 14:11:44 +0100 (CET)
openSUSE-SU-2016:0720-1, published Fri, 11 Mar 2016 14:14:22 +0100 (CET)
openSUSE-SU-2016:1239-1, published Thu, 5 May 2016 13:09:43 +0200 (CEST)
openSUSE-SU-2016:1241-1, published Thu, 5 May 2016 13:12:11 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP4	`compat-openssl097g >= 0.9.7g-146.22.41.1` `compat-openssl097g-32bit >= 0.9.7g-146.22.41.1` `libopenssl0_9_8 >= 0.9.8j-0.89.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.89.1` `openssl >= 0.9.8j-0.89.1`	Patchnames: sledsp4-compat-openssl097g-12436 sledsp4-openssl-12434
SUSE Linux Enterprise Desktop 12	`compat-openssl098 >= 0.9.8j-94.1` `libopenssl0_9_8 >= 0.9.8j-94.1` `libopenssl0_9_8-32bit >= 0.9.8j-94.1` `libopenssl1_0_0 >= 1.0.1i-27.13.1` `libopenssl1_0_0-32bit >= 1.0.1i-27.13.1` `openssl >= 1.0.1i-27.13.1`	Patchnames: SUSE-SLE-DESKTOP-12-2016-352 SUSE-SLE-DESKTOP-12-2016-367
SUSE Linux Enterprise Desktop 12 SP1	`compat-openssl098 >= 0.9.8j-94.1` `libopenssl0_9_8 >= 0.9.8j-94.1` `libopenssl0_9_8-32bit >= 0.9.8j-94.1` `libopenssl1_0_0 >= 1.0.1i-44.1` `libopenssl1_0_0-32bit >= 1.0.1i-44.1` `openssl >= 1.0.1i-44.1`	Patchnames: SUSE-SLE-DESKTOP-12-SP1-2016-353 SUSE-SLE-DESKTOP-12-SP1-2016-367
SUSE Linux Enterprise Desktop 12 SP2	`libopenssl-devel >= 1.0.2j-55.1` `libopenssl0_9_8 >= 0.9.8j-102.1` `libopenssl0_9_8-32bit >= 0.9.8j-102.1` `libopenssl1_0_0 >= 1.0.2j-55.1` `libopenssl1_0_0-32bit >= 1.0.2j-55.1` `openssl >= 1.0.2j-55.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl-devel SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl0_9_8
SUSE Linux Enterprise Module for Containers 12	`sles11sp4-docker-image >= 1.1.1-20160304104123` `sles12-docker-image >= 1.1.1-20160307082632` `sles12sp1-docker-image >= 1.0.4-20160308170633`	Patchnames: SUSE-SLE-Module-Containers-12-2016-440 SUSE-SLE-Module-Containers-12-2016-457 SUSE-SLE-Module-Containers-12-2016-459
SUSE Linux Enterprise Module for Legacy Software 12	`compat-openssl098 >= 0.9.8j-94.1` `libopenssl0_9_8 >= 0.9.8j-94.1` `libopenssl0_9_8-32bit >= 0.9.8j-94.1`	Patchnames: SUSE-SLE-Module-Legacy-12-2016-367
SUSE Linux Enterprise Server 11 SP2-LTSS	`libopenssl-devel >= 0.9.8j-0.89.1` `libopenssl0_9_8 >= 0.9.8j-0.89.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.89.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.89.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.89.1` `openssl >= 0.9.8j-0.89.1` `openssl-doc >= 0.9.8j-0.89.1`	Patchnames: slessp2-openssl-12434
SUSE Linux Enterprise Server 11 SP3-LTSS	`libopenssl0_9_8 >= 0.9.8j-0.89.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.89.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.89.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.89.1` `openssl >= 0.9.8j-0.89.1` `openssl-doc >= 0.9.8j-0.89.1`	Patchnames: slessp3-openssl-12434
SUSE Linux Enterprise Server 11 SP4	`libopenssl0_9_8 >= 0.9.8j-0.89.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.89.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.89.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.89.1` `libopenssl0_9_8-x86 >= 0.9.8j-0.89.1` `openssl >= 0.9.8j-0.89.1` `openssl-doc >= 0.9.8j-0.89.1`	Patchnames: slessp4-openssl-12434
SUSE Linux Enterprise Server 11-SECURITY	`libopenssl1-devel >= 1.0.1g-0.40.1` `libopenssl1_0_0 >= 1.0.1g-0.40.1` `libopenssl1_0_0-32bit >= 1.0.1g-0.40.1` `libopenssl1_0_0-x86 >= 1.0.1g-0.40.1` `openssl1 >= 1.0.1g-0.40.1` `openssl1-doc >= 1.0.1g-0.40.1`	Patchnames: secsp3-openssl1-12429
SUSE Linux Enterprise Server 12	`libopenssl1_0_0 >= 1.0.1i-27.13.1` `libopenssl1_0_0-32bit >= 1.0.1i-27.13.1` `libopenssl1_0_0-hmac >= 1.0.1i-27.13.1` `libopenssl1_0_0-hmac-32bit >= 1.0.1i-27.13.1` `openssl >= 1.0.1i-27.13.1` `openssl-doc >= 1.0.1i-27.13.1`	Patchnames: SUSE-SLE-SERVER-12-2016-352
SUSE Linux Enterprise Server 12 SP1	`libopenssl1_0_0 >= 1.0.1i-44.1` `libopenssl1_0_0-32bit >= 1.0.1i-44.1` `libopenssl1_0_0-hmac >= 1.0.1i-44.1` `libopenssl1_0_0-hmac-32bit >= 1.0.1i-44.1` `openssl >= 1.0.1i-44.1` `openssl-doc >= 1.0.1i-44.1`	Patchnames: SUSE-SLE-SERVER-12-SP1-2016-353
SUSE Linux Enterprise Server 12 SP2	`libopenssl-devel >= 1.0.2j-55.1` `libopenssl1_0_0 >= 1.0.2j-55.1` `libopenssl1_0_0-32bit >= 1.0.2j-55.1` `libopenssl1_0_0-hmac >= 1.0.2j-55.1` `libopenssl1_0_0-hmac-32bit >= 1.0.2j-55.1` `openssl >= 1.0.2j-55.1` `openssl-doc >= 1.0.2j-55.1`	Patchnames: SUSE Linux Enterprise Server 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	`libopenssl-devel >= 1.0.2j-55.1` `libopenssl1_0_0 >= 1.0.2j-55.1` `libopenssl1_0_0-hmac >= 1.0.2j-55.1` `openssl >= 1.0.2j-55.1` `openssl-doc >= 1.0.2j-55.1`	Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise Software Development Kit 11 SP4	`libopenssl-devel >= 0.9.8j-0.89.1` `openssl >= 0.9.8j-0.89.1`	Patchnames: sdksp4-openssl-12434
SUSE Linux Enterprise Software Development Kit 12	`libopenssl-devel >= 1.0.1i-27.13.1` `openssl >= 1.0.1i-27.13.1`	Patchnames: SUSE-SLE-SDK-12-2016-352
SUSE Linux Enterprise Software Development Kit 12 SP1	`libopenssl-devel >= 1.0.1i-44.1` `openssl >= 1.0.1i-44.1`	Patchnames: SUSE-SLE-SDK-12-SP1-2016-353
SUSE Linux Enterprise Software Development Kit 12 SP2	`libopenssl-devel >= 1.0.2j-55.1`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA libopenssl-devel
SUSE Linux Enterprise for SAP 11 SP4	`compat-openssl097g >= 0.9.7g-146.22.41.1` `compat-openssl097g-32bit >= 0.9.7g-146.22.41.1`	Patchnames: slesappsp4-compat-openssl097g-12436
SUSE Linux Enterprise for SAP 12 SP1	`compat-openssl098 >= 0.9.8j-94.1` `libopenssl0_9_8 >= 0.9.8j-94.1`	Patchnames: SUSE-SLE-SAP-12-SP1-2016-367
SUSE Manager 2.1	`libopenssl-devel >= 0.9.8j-0.91.1` `libopenssl0_9_8 >= 0.9.8j-0.91.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.91.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.91.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.91.1` `openssl >= 0.9.8j-0.91.1` `openssl-doc >= 0.9.8j-0.91.1`	Patchnames: sleman21-openssl-12511
SUSE Manager Proxy 2.1	`libopenssl-devel >= 0.9.8j-0.91.1` `libopenssl0_9_8 >= 0.9.8j-0.91.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.91.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.91.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.91.1` `openssl >= 0.9.8j-0.91.1` `openssl-doc >= 0.9.8j-0.91.1`	Patchnames: slemap21-openssl-12511
SUSE OpenStack Cloud 5	`libopenssl-devel >= 0.9.8j-0.91.1` `libopenssl0_9_8 >= 0.9.8j-0.91.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.91.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.91.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.91.1` `openssl >= 0.9.8j-0.91.1` `openssl-doc >= 0.9.8j-0.91.1`	Patchnames: sleclo50sp3-openssl-12511
SUSE Studio Onsite 1.3	`libopenssl-devel >= 0.9.8j-0.89.1` `openssl >= 0.9.8j-0.89.1`	Patchnames: slestso13-openssl-12434
SUSE Linux Enterprise Server 10 SP4 LTSS for x86	`openssl >= 0.9.8a-18.94.2` `openssl-devel >= 0.9.8a-18.94.2` `openssl-doc >= 0.9.8a-18.94.2`	Builds ZYPP Patch Nr: 9235
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit	`openssl >= 0.9.8a-18.94.2` `openssl-32bit >= 0.9.8a-18.94.2` `openssl-devel >= 0.9.8a-18.94.2` `openssl-devel-32bit >= 0.9.8a-18.94.2` `openssl-doc >= 0.9.8a-18.94.2`	Builds ZYPP Patch Nr: 9235
openSUSE 13.1	`libopenssl-devel >= 1.0.1k-11.84.1` `libopenssl-devel-32bit >= 1.0.1k-11.84.1` `libopenssl0_9_8 >= 0.9.8zh-5.3.1` `libopenssl0_9_8-32bit >= 0.9.8zh-5.3.1` `libopenssl0_9_8-debuginfo >= 0.9.8zh-5.3.1` `libopenssl0_9_8-debuginfo-32bit >= 0.9.8zh-5.3.1` `libopenssl0_9_8-debugsource >= 0.9.8zh-5.3.1` `libopenssl1_0_0 >= 1.0.1k-11.84.1` `libopenssl1_0_0-32bit >= 1.0.1k-11.84.1` `libopenssl1_0_0-debuginfo >= 1.0.1k-11.84.1` `libopenssl1_0_0-debuginfo-32bit >= 1.0.1k-11.84.1` `openssl >= 1.0.1k-11.84.1` `openssl-debuginfo >= 1.0.1k-11.84.1` `openssl-debugsource >= 1.0.1k-11.84.1` `openssl-doc >= 1.0.1k-11.84.1`	Patchnames: 2016-292 2016-563
openSUSE 13.2	`libopenssl-devel >= 1.0.1k-2.33.1` `libopenssl-devel-32bit >= 1.0.1k-2.33.1` `libopenssl0_9_8 >= 0.9.8zh-9.3.1` `libopenssl0_9_8-32bit >= 0.9.8zh-9.3.1` `libopenssl0_9_8-debuginfo >= 0.9.8zh-9.3.1` `libopenssl0_9_8-debuginfo-32bit >= 0.9.8zh-9.3.1` `libopenssl0_9_8-debugsource >= 0.9.8zh-9.3.1` `libopenssl1_0_0 >= 1.0.1k-2.33.1` `libopenssl1_0_0-32bit >= 1.0.1k-2.33.1` `libopenssl1_0_0-debuginfo >= 1.0.1k-2.33.1` `libopenssl1_0_0-debuginfo-32bit >= 1.0.1k-2.33.1` `libopenssl1_0_0-hmac >= 1.0.1k-2.33.1` `libopenssl1_0_0-hmac-32bit >= 1.0.1k-2.33.1` `openssl >= 1.0.1k-2.33.1` `openssl-debuginfo >= 1.0.1k-2.33.1` `openssl-debugsource >= 1.0.1k-2.33.1` `openssl-doc >= 1.0.1k-2.33.1`	Patchnames: openSUSE-2016-288 openSUSE-2016-294
openSUSE Evergreen 11.4	`libopenssl-devel >= 1.0.1p-71.1` `libopenssl-devel-32bit >= 1.0.1p-71.1` `libopenssl0_9_8 >= 0.9.8zh-14.1` `libopenssl0_9_8-32bit >= 0.9.8zh-14.1` `libopenssl0_9_8-debuginfo >= 0.9.8zh-14.1` `libopenssl0_9_8-debuginfo-32bit >= 0.9.8zh-14.1` `libopenssl0_9_8-debuginfo-x86 >= 0.9.8zh-14.1` `libopenssl0_9_8-debugsource >= 0.9.8zh-14.1` `libopenssl0_9_8-x86 >= 0.9.8zh-14.1` `libopenssl1_0_0 >= 1.0.1p-71.1` `libopenssl1_0_0-32bit >= 1.0.1p-71.1` `libopenssl1_0_0-debuginfo >= 1.0.1p-71.1` `libopenssl1_0_0-debuginfo-32bit >= 1.0.1p-71.1` `libopenssl1_0_0-debuginfo-x86 >= 1.0.1p-71.1` `libopenssl1_0_0-x86 >= 1.0.1p-71.1` `openssl >= 1.0.1p-71.1` `openssl-debuginfo >= 1.0.1p-71.1` `openssl-debugsource >= 1.0.1p-71.1` `openssl-doc >= 1.0.1p-71.1`	Patchnames: 2016-293 2016-563
openSUSE Leap 42.1	`compat-openssl098 >= 0.9.8j-9.1` `compat-openssl098-debugsource >= 0.9.8j-9.1` `libopenssl-devel >= 1.0.1i-12.1` `libopenssl-devel-32bit >= 1.0.1i-12.1` `libopenssl0_9_8 >= 0.9.8j-9.1` `libopenssl0_9_8-32bit >= 0.9.8j-9.1` `libopenssl0_9_8-debuginfo >= 0.9.8j-9.1` `libopenssl0_9_8-debuginfo-32bit >= 0.9.8j-9.1` `libopenssl0_9_8-debugsource >= 0.9.8zh-14.1` `libopenssl1_0_0 >= 1.0.1i-12.1` `libopenssl1_0_0-32bit >= 1.0.1i-12.1` `libopenssl1_0_0-debuginfo >= 1.0.1i-12.1` `libopenssl1_0_0-debuginfo-32bit >= 1.0.1i-12.1` `libopenssl1_0_0-hmac >= 1.0.1i-12.1` `libopenssl1_0_0-hmac-32bit >= 1.0.1i-12.1` `openssl >= 1.0.1i-12.1` `openssl-debuginfo >= 1.0.1i-12.1` `openssl-debugsource >= 1.0.1i-12.1` `openssl-doc >= 1.0.1i-12.1`	Patchnames: openSUSE-2016-289 openSUSE-2016-294 openSUSE-2016-327
openSUSE Leap 42.2	`libopenssl-devel >= 1.0.2j-2.2` `libopenssl1_0_0 >= 1.0.2j-2.2` `libopenssl1_0_0-32bit >= 1.0.2j-2.2` `openssl >= 1.0.2j-2.2`	Patchnames: openSUSE Leap 42.2 GA libopenssl-devel
openSUSE Tumbleweed	`libopenssl-devel >= 1.0.2j-2.2` `libopenssl-devel-32bit >= 1.0.2j-2.2` `libopenssl1_0_0 >= 1.0.2j-2.2` `libopenssl1_0_0-32bit >= 1.0.2j-2.2` `libopenssl1_0_0-hmac >= 1.0.2j-2.2` `libopenssl1_0_0-hmac-32bit >= 1.0.2j-2.2` `libopenssl1_0_0-steam >= 1.0.2h-4.1` `libopenssl1_0_0-steam-32bit >= 1.0.2h-4.1` `openssl >= 1.0.2j-2.2` `openssl-doc >= 1.0.2j-2.2`	Patchnames: openSUSE Tumbleweed GA libopenssl-devel openSUSE Tumbleweed GA libopenssl1_0_0-steam