Errata ALT-PU-2016-1072-1: Information
Fixes
Published: March 23, 2015
BDU:2015-09820
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: March 23, 2015
BDU:2015-09821
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: HIGH (7.5)
References:
Published: March 23, 2015
BDU:2015-09822
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: HIGH (7.5)
References:
Published: March 23, 2015
BDU:2015-09823
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: HIGH (7.5)
References:
Published: March 23, 2015
BDU:2015-09824
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Severity: HIGH (7.5)
References:
Published: June 12, 2015
BDU:2015-11035
Vulnerability in the BN_GF2m_mod_inv function of the OpenSSL library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
References:
Published: June 12, 2015
BDU:2015-11036
Vulnerability in the OpenSSL library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
References:
Published: June 12, 2015
BDU:2015-11037
Vulnerability in the OpenSSL library that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
References:
Published: June 12, 2015
BDU:2015-11038
Vulnerability in the OpenSSL library that allows an attacker to cause a denial of service
Severity: MEDIUM (6.8)
References:
Published: June 12, 2015
BDU:2015-11039
Vulnerability in the OpenSSL library that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
References:
Published: July 9, 2015
BDU:2015-11040
Vulnerability in the OpenSSL library that allows an attacker to subvert the standard certificate chain verification procedure
Severity: MEDIUM (6.4)
References:
Published: May 20, 2015
BDU:2015-11042
Vulnerability in the OpenSSL library that allows an attacker to conduct attacks aimed at weakening the strength of the encryption algorithm
Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
Published: February 15, 2016
BDU:2016-00666
Vulnerability in the OpenSSL library that allows an attacker to obtain a private key
Severity: LOW (2.6)
References:
Published: February 15, 2016
BDU:2016-00896
Vulnerability in the OpenSSL library that allows an attacker to break the cryptographic protection mechanism
Severity: MEDIUM (4.3)
References:
Published: December 6, 2015
BDU:2016-01653
Vulnerability in the OpenSSL library that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
References:
Published: December 6, 2015
BDU:2016-01654
Vulnerability in the ASN1_TFLG_COMBINE implementation of the OpenSSL library that allows an attacker to obtain protected information from process memory
Severity: MEDIUM (5.0)
References:
Published: December 6, 2015
BDU:2016-01655
Vulnerability in the OpenSSL library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
References:
Published: March 20, 2015
Modified: November 7, 2023
CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
Severity: MEDIUM (6.8)
References:
- https://www.openssl.org/news/secadv_20150319.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1196737
- FEDORA-2015-4300
- FEDORA-2015-4303
- FEDORA-2015-4320
- DSA-3197
- openSUSE-SU-2015:0554
- FreeBSD-SA-15:06
- SUSE-SU-2015:0541
- USN-2537-1
- 1031929
- RHSA-2015:0716
- MDVSA-2015:063
- MDVSA-2015:062
- RHSA-2015:0752
- RHSA-2015:0715
- HPSBGN03306
- https://access.redhat.com/articles/1384453
- FEDORA-2015-6951
- FEDORA-2015-6855
- APPLE-SA-2015-06-30-2
- http://support.apple.com/kb/HT204942
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- https://bto.bluecoat.com/security-advisory/sa92
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- HPSBMU03397
- HPSBMU03413
- SSRT102000
- HPSBMU03380
- HPSBMU03409
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- RHSA-2016:1089
- openSUSE-SU-2016:0640
- GLSA-201503-11
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
- openSUSE-SU-2015:1277
- https://kc.mcafee.com/corporate/index?page=content&id=SB10110
- 73239
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://support.citrix.com/article/CTX216642
- RHSA-2016:2957
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
Published: June 12, 2015
Modified: December 13, 2022
CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Severity: MEDIUM (4.3)
References:
- https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932
- https://www.openssl.org/news/secadv_20150611.txt
- APPLE-SA-2015-08-13-2
- https://support.apple.com/kb/HT205031
- SSRT102180
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- HPSBMU03409
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 75158
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- openSUSE-SU-2016:0640
- https://openssl.org/news/secadv/20150611.txt
- http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www-304.ibm.com/support/docview.wss?uid=swg21960041
- https://bto.bluecoat.com/security-advisory/sa98
- http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
- GLSA-201506-02
- openSUSE-SU-2015:1277
- NetBSD-SA2015-008
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- SUSE-SU-2015:1185
- SUSE-SU-2015:1184
- SUSE-SU-2015:1182
- SUSE-SU-2015:1181
- SUSE-SU-2015:1150
- SUSE-SU-2015:1143
- openSUSE-SU-2015:1139
- USN-2639-1
- 1032564
- DSA-3287
- 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://support.citrix.com/article/CTX216642
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Published: June 12, 2015
Modified: February 13, 2023
CVE-2015-1789
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://www.openssl.org/news/secadv_20150611.txt
- https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11
- APPLE-SA-2015-08-13-2
- https://support.apple.com/kb/HT205031
- SSRT102180
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- HPSBGN03371
- HPSBMU03409
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 75156
- https://openssl.org/news/secadv/20150611.txt
- openSUSE-SU-2016:0640
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- https://bto.bluecoat.com/security-advisory/sa98
- http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
- GLSA-201506-02
- openSUSE-SU-2015:1277
- NetBSD-SA2015-008
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- RHSA-2015:1115
- SUSE-SU-2015:1185
- SUSE-SU-2015:1184
- SUSE-SU-2015:1183
- SUSE-SU-2015:1182
- SUSE-SU-2015:1181
- SUSE-SU-2015:1150
- SUSE-SU-2015:1143
- openSUSE-SU-2015:1139
- FEDORA-2015-10108
- FEDORA-2015-10047
- USN-2639-1
- 1032564
- DSA-3287
- 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
- RHSA-2015:1197
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://support.citrix.com/article/CTX216642
- https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Published: June 12, 2015
Modified: December 13, 2022
CVE-2015-1790
The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
Severity: MEDIUM (5.0)
References:
- https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686
- https://www.openssl.org/news/secadv_20150611.txt
- APPLE-SA-2015-08-13-2
- https://support.apple.com/kb/HT205031
- SSRT102180
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- HPSBGN03371
- HPSBMU03409
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 75157
- https://openssl.org/news/secadv/20150611.txt
- openSUSE-SU-2016:0640
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- https://bto.bluecoat.com/security-advisory/sa98
- http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
- GLSA-201506-02
- openSUSE-SU-2015:1277
- NetBSD-SA2015-008
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- RHSA-2015:1115
- SUSE-SU-2015:1185
- SUSE-SU-2015:1184
- SUSE-SU-2015:1183
- SUSE-SU-2015:1182
- SUSE-SU-2015:1181
- SUSE-SU-2015:1150
- SUSE-SU-2015:1143
- openSUSE-SU-2015:1139
- FEDORA-2015-10108
- FEDORA-2015-10047
- USN-2639-1
- 1032564
- DSA-3287
- 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
- RHSA-2015:1197
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Published: June 12, 2015
Modified: December 13, 2022
CVE-2015-1791
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Severity: MEDIUM (6.8)
References:
- https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc
- https://www.openssl.org/news/secadv_20150611.txt
- APPLE-SA-2015-08-13-2
- https://support.apple.com/kb/HT205031
- SSRT102180
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- HPSBMU03409
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 75161
- openSUSE-SU-2016:0640
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- https://openssl.org/news/secadv/20150611.txt
- http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www-304.ibm.com/support/docview.wss?uid=swg21960041
- https://bto.bluecoat.com/security-advisory/sa98
- http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
- GLSA-201506-02
- NetBSD-SA2015-008
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- RHSA-2015:1115
- SUSE-SU-2015:1185
- SUSE-SU-2015:1184
- SUSE-SU-2015:1182
- SUSE-SU-2015:1150
- SUSE-SU-2015:1143
- openSUSE-SU-2015:1139
- FEDORA-2015-10108
- FEDORA-2015-10047
- USN-2639-1
- 1032479
- DSA-3287
- 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://support.citrix.com/article/CTX216642
- https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Published: June 12, 2015
Modified: February 13, 2023
CVE-2015-1792
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
Severity: MEDIUM (5.0)
References:
- https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c
- https://www.openssl.org/news/secadv_20150611.txt
- APPLE-SA-2015-08-13-2
- https://support.apple.com/kb/HT205031
- SSRT102180
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- HPSBGN03371
- HPSBMU03409
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 75154
- openSUSE-SU-2016:0640
- https://openssl.org/news/secadv/20150611.txt
- http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- https://bto.bluecoat.com/security-advisory/sa98
- http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
- GLSA-201506-02
- openSUSE-SU-2015:1277
- NetBSD-SA2015-008
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- RHSA-2015:1115
- SUSE-SU-2015:1185
- SUSE-SU-2015:1184
- SUSE-SU-2015:1182
- SUSE-SU-2015:1150
- SUSE-SU-2015:1143
- openSUSE-SU-2015:1139
- FEDORA-2015-10108
- FEDORA-2015-10047
- USN-2639-1
- 1032564
- DSA-3287
- 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://support.citrix.com/article/CTX216642
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Published: July 9, 2015
Modified: November 7, 2023
CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References:
- http://openssl.org/news/secadv_20150709.txt
- SSRT102180
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- HPSBGN03424
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 75652
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm
- http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825
- https://kc.mcafee.com/corporate/index?page=content&id=SB10125
- GLSA-201507-15
- NetBSD-SA2015-008
- FreeBSD-SA-15:12
- SSA:2015-190-01
- 1032817
- 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
- FEDORA-2015-11475
- FEDORA-2015-11414
- 38640
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8
Published: December 6, 2015
Modified: November 7, 2023
CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2015:2289
- DSA-3413
- FEDORA-2015-d87d60b9a9
- openSUSE-SU-2015:2318
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- openSUSE-SU-2016:0637
- openSUSE-SU-2016:1332
- 78623
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- 91787
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- HPSBGN03536
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- http://openssl.org/news/secadv/20151203.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1288320
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- RHSA-2015:2617
- USN-2830-1
- SSA:2015-349-04
- openSUSE-SU-2015:2288
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- 1034294
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- RHSA-2016:2957
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17
Published: December 6, 2015
Modified: November 7, 2023
CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
- http://openssl.org/news/secadv/20151203.txt
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- https://support.apple.com/HT206167
- APPLE-SA-2016-03-21-5
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- HPSBGN03536
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- 1034294
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- RHSA-2016:2957
- RHSA-2016:2056
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- openSUSE-SU-2015:2349
- openSUSE-SU-2015:2288
- SSA:2015-349-04
- USN-2830-1
- RHSA-2015:2616
- RHSA-2015:2617
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- openSUSE-SU-2015:2289
- DSA-3413
- FEDORA-2015-d87d60b9a9
- openSUSE-SU-2015:2318
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- openSUSE-SU-2016:0640
- SUSE-SU-2016:0678
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- openSUSE-SU-2016:0637
- 78626
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
Published: December 6, 2015
Modified: November 7, 2023
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
Severity: MEDIUM (4.3)
References:
- http://openssl.org/news/secadv/20151203.txt
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- HPSBGN03536
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- 78622
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- RHSA-2015:2617
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- USN-2830-1
- SSA:2015-349-04
- FEDORA-2015-d87d60b9a9
- DSA-3413
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2289
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- 1034294
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- RHSA-2016:2957
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
Published: February 15, 2016
Modified: November 7, 2023
CVE-2015-3197
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- http://www.openssl.org/news/secadv/20160128.txt
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 82237
- openSUSE-SU-2016:1239
- openSUSE-SU-2016:1241
- SUSE-SU-2016:0621
- openSUSE-SU-2016:0638
- SUSE-SU-2016:0631
- openSUSE-SU-2016:0637
- SUSE-SU-2016:0617
- SUSE-SU-2016:0678
- SUSE-SU-2016:0624
- openSUSE-SU-2016:0720
- SUSE-SU-2016:0620
- openSUSE-SU-2016:0628
- openSUSE-SU-2016:0640
- SUSE-SU-2016:1057
- SUSE-SU-2016:0641
- GLSA-201601-05
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- FreeBSD-SA-16:11
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- VU#257823
- 1034849
- FEDORA-2016-527018d2ff
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245
Published: May 21, 2015
Modified: February 9, 2023
CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Severity: LOW (3.7) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
- https://weakdh.org/imperfect-forward-secrecy.pdf
- https://weakdh.org/
- https://www.suse.com/security/cve/CVE-2015-4000.html
- https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
- https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
- [oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice
- 74733
- https://www.openssl.org/news/secadv_20150611.txt
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-1
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
- https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- 1033064
- http://www-01.ibm.com/support/docview.wss?uid=swg21962455
- DSA-3324
- SUSE-SU-2015:1269
- USN-2673-1
- SUSE-SU-2015:1268
- SSRT102180
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
- 91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- HPSBGN03533
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
- HPSBGN03399
- HPSBGN03402
- HPSBUX03512
- HPSBUX03363
- HPSBGN03411
- HPSBGN03351
- HPSBGN03361
- HPSBMU03401
- HPSBGN03405
- HPSBGN03362
- HPSBGN03373
- HPSBMU03356
- HPSBGN03407
- HPSBMU03345
- HPSBGN03404
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
- https://openssl.org/news/secadv/20150611.txt
- GLSA-201603-11
- openSUSE-SU-2016:0483
- 1034884
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
- openSUSE-SU-2016:0478
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
- http://www-304.ibm.com/support/docview.wss?uid=swg21967893
- GLSA-201512-10
- SUSE-SU-2016:0224
- openSUSE-SU-2016:0261
- 1034728
- 1034087
- openSUSE-SU-2016:0226
- 1033991
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
- SUSE-SU-2016:0262
- openSUSE-SU-2016:0255
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
- openSUSE-SU-2015:1684
- http://www-304.ibm.com/support/docview.wss?uid=swg21960041
- https://bto.bluecoat.com/security-advisory/sa98
- 1033760
- SUSE-SU-2015:1663
- GLSA-201506-02
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
- http://www-01.ibm.com/support/docview.wss?uid=swg21959111
- 1033513
- 1033433
- 1033430
- 1033416
- 1033385
- http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
- http://support.citrix.com/article/CTX201114
- SUSE-SU-2015:1581
- SUSE-SU-2015:1449
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
- http://www-304.ibm.com/support/docview.wss?uid=swg21962816
- http://www-01.ibm.com/support/docview.wss?uid=swg21962739
- http://www-01.ibm.com/support/docview.wss?uid=swg21960191
- USN-2706-1
- USN-2696-1
- 1033891
- 1033341
- 1033222
- 1033210
- 1033209
- 1033208
- DSA-3339
- RHSA-2015:1526
- SUSE-SU-2015:1320
- SUSE-SU-2015:1319
- openSUSE-SU-2015:1289
- openSUSE-SU-2015:1288
- openSUSE-SU-2015:1277
- openSUSE-SU-2015:1266
- NetBSD-SA2015-008
- http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
- https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
- https://www-304.ibm.com/support/docview.wss?uid=swg21959745
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- http://www-304.ibm.com/support/docview.wss?uid=swg21960418
- http://www-304.ibm.com/support/docview.wss?uid=swg21960380
- http://www-304.ibm.com/support/docview.wss?uid=swg21960194
- http://www-304.ibm.com/support/docview.wss?uid=swg21959132
- http://www-304.ibm.com/support/docview.wss?uid=swg21958984
- http://www-01.ibm.com/support/docview.wss?uid=swg21961717
- http://www-01.ibm.com/support/docview.wss?uid=swg21959812
- http://www-01.ibm.com/support/docview.wss?uid=swg21959636
- http://www-01.ibm.com/support/docview.wss?uid=swg21959539
- http://www-01.ibm.com/support/docview.wss?uid=swg21959530
- http://www-01.ibm.com/support/docview.wss?uid=swg21959517
- http://www-01.ibm.com/support/docview.wss?uid=swg21959481
- http://www-01.ibm.com/support/docview.wss?uid=swg21959453
- http://www-01.ibm.com/support/docview.wss?uid=swg21959325
- http://www-01.ibm.com/support/docview.wss?uid=swg21959195
- USN-2656-2
- USN-2656-1
- 1032884
- 1032871
- 1032865
- 1032864
- 1032856
- 1032784
- 1032783
- 1032778
- 1032777
- 1032759
- 1032727
- 1032702
- 1032699
- 1032688
- 1032656
- 1032655
- 1032654
- 1032653
- 1032652
- 1032651
- 1032650
- 1032649
- 1032648
- 1032647
- 1032645
- 1032637
- DSA-3300
- openSUSE-SU-2015:1209
- openSUSE-SU-2015:1229
- SUSE-SU-2015:1185
- SUSE-SU-2015:1184
- SUSE-SU-2015:1183
- SUSE-SU-2015:1182
- SUSE-SU-2015:1181
- SUSE-SU-2015:1177
- SUSE-SU-2015:1150
- SUSE-SU-2015:1143
- openSUSE-SU-2015:1139
- 1032476
- 1032475
- 1032474
- DSA-3287
- RHSA-2015:1197
- RHSA-2015:1072
- FEDORA-2015-9161
- FEDORA-2015-9048
- FEDORA-2015-9130
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
- GLSA-201701-46
- 1036218
- 1033067
- 1033065
- 1033019
- 1032960
- 1032932
- 1032910
- DSA-3688
- DSA-3316
- SSRT102112
- https://security.netapp.com/advisory/ntap-20150619-0001/
- https://support.citrix.com/article/CTX216642
- https://puppet.com/security/cve/CVE-2015-4000
- RHSA-2016:2056
- RHSA-2016:1624
- RHSA-2015:1604
- RHSA-2015:1544
- RHSA-2015:1488
- RHSA-2015:1486
- RHSA-2015:1485
- RHSA-2015:1243
- RHSA-2015:1242
- RHSA-2015:1241
- RHSA-2015:1230
- RHSA-2015:1229
- RHSA-2015:1228
- RHSA-2015:1185
- 1040630
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Published: February 15, 2016
Modified: February 13, 2023
CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Severity: LOW (3.7) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
- http://www.openssl.org/news/secadv/20160128.txt
- http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- 82233
- openSUSE-SU-2016:0637
- USN-2883-1
- FEDORA-2016-527018d2ff
- 1034849
- GLSA-201601-05
- VU#257823
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648