Oval Definition:oval:org.opensuse.security:def:201919270
Revision Date:2021-10-24Version:1
Title:CVE-2019-19270
Description:

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-19270
openSUSE-SU-2020:0031-1
Mitre CVE-2019-19270
SUSE CVE-2019-19270
openSUSE-SU-2020:0031-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • proftpd-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd is signed with openSUSE key
  • OR
  • proftpd-devel-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-devel is signed with openSUSE key
  • OR
  • proftpd-doc-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-doc is signed with openSUSE key
  • OR
  • proftpd-lang-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-lang is signed with openSUSE key
  • OR
  • proftpd-ldap-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-ldap is signed with openSUSE key
  • OR
  • proftpd-mysql-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-mysql is signed with openSUSE key
  • OR
  • proftpd-pgsql-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-pgsql is signed with openSUSE key
  • OR
  • proftpd-radius-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-radius is signed with openSUSE key
  • OR
  • proftpd-sqlite-1.3.6b-lp151.3.6.1 is installed
  • AND proftpd-sqlite is signed with openSUSE key
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND Package Information
  • proftpd-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-devel-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-doc-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-lang-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-ldap-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-mysql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-pgsql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-radius-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-sqlite-1.3.6b-bp151.4.6.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND
  • proftpd-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-devel-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-doc-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-lang-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-ldap-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-mysql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-pgsql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-radius-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-sqlite-1.3.6b-bp151.4.6.2 is installed
  • OR Package Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND
  • proftpd-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-devel-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-doc-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-lang-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-ldap-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-mysql-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-pgsql-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-radius-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-sqlite-1.3.6b-bp150.3.6.1 is installed
    • BACK