Upstream information
Description
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
- TID7021300, published Sat Mar 3 09:45:58 UTC 2018
- TID7022768, published Sa 19. Mai 14:06:16 CEST 2018
- openSUSE-SU-2014:0012-1, published Fri, 3 Jan 2014 22:06:59 +0100 (CET)
- openSUSE-SU-2014:0015-1, published Fri, 3 Jan 2014 22:07:52 +0100 (CET)
- openSUSE-SU-2014:0018-1, published Fri, 3 Jan 2014 22:08:33 +0100 (CET)
- openSUSE-SU-2014:0048-1, published Sat, 11 Jan 2014 16:04:13 +0100 (CET)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 12 |
| Patchnames: SUSE Linux Enterprise Desktop 12 GA libopenssl1_0_0 |
SUSE Linux Enterprise Desktop 12 SP1 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA libopenssl1_0_0 |
SUSE Linux Enterprise Desktop 12 SP2 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA libopenssl-devel |
SUSE Linux Enterprise Desktop 12 SP3 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA libopenssl-devel |
SUSE Linux Enterprise Desktop 12 SP4 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA libopenssl-1_0_0-devel SUSE Linux Enterprise Desktop 12 SP4 GA libopenssl-devel SUSE Linux Enterprise Desktop 12 SP4 GA libopenssl1_1 |
SUSE Linux Enterprise Module for Basesystem 15 |
| Patchnames: SUSE Linux Enterprise Module for Basesystem 15 GA libopenssl-1_1-devel SUSE Linux Enterprise Module for Basesystem 15 GA libopenssl-devel |
SUSE Linux Enterprise Module for Legacy Software 15 |
| Patchnames: SUSE Linux Enterprise Module for Legacy Software 15 GA libopenssl-1_0_0-devel |
SUSE Linux Enterprise Server 11-SECURITY |
| Patchnames: SUSE Linux Enterprise Server 11-SECURITY GA libopenssl1-devel |
SUSE Linux Enterprise Server 12 |
| Patchnames: SUSE Linux Enterprise Server 12 GA libopenssl1_0_0 |
SUSE Linux Enterprise Server 12 SP1 |
| Patchnames: SUSE Linux Enterprise Server 12 SP1 GA libopenssl1_0_0 |
SUSE Linux Enterprise Server 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server 12 SP2 GA libopenssl-devel |
SUSE Linux Enterprise Server 12 SP3 |
| Patchnames: SUSE Linux Enterprise Server 12 SP3 GA libopenssl-devel |
SUSE Linux Enterprise Server 12 SP4 |
| Patchnames: SUSE Linux Enterprise Server 12 SP4 GA libopenssl-1_0_0-devel SUSE Linux Enterprise Server 12 SP4 GA libopenssl-devel SUSE Linux Enterprise Server 12 SP4 GA libopenssl1_1 |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libopenssl-devel |
SUSE Linux Enterprise Software Development Kit 12 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA libopenssl-devel |
SUSE Linux Enterprise Software Development Kit 12 SP1 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA libopenssl-devel |
SUSE Linux Enterprise Software Development Kit 12 SP2 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA libopenssl-devel |
SUSE Linux Enterprise Software Development Kit 12 SP3 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA libopenssl-devel |
SUSE Linux Enterprise Software Development Kit 12 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA libopenssl-1_0_0-devel SUSE Linux Enterprise Software Development Kit 12 SP4 GA libopenssl-1_1-devel SUSE Linux Enterprise Software Development Kit 12 SP4 GA libopenssl-devel |
openSUSE 12.3 |
| Patchnames: openSUSE-2014-10 openSUSE-2014-27 |
openSUSE 13.1 |
| Patchnames: openSUSE-2014-27 openSUSE-2014-4 |
openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA libopenssl1_0_0 openSUSE Leap 15.0 GA libopenssl1_1 openSUSE Leap 15.0 GA openssl |
openSUSE Leap 42.1 |
| Patchnames: openSUSE Leap 42.1 GA libopenssl-devel |
openSUSE Leap 42.2 |
| Patchnames: openSUSE Leap 42.2 GA libopenssl-devel |
openSUSE Leap 42.3 |
| Patchnames: openSUSE Leap 42.3 GA libopenssl-devel |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA libopenssl-devel openSUSE Tumbleweed GA libopenssl1_0_0-steam |