Oval Definition:	oval:org.opensuse.security:def:55480
Revision Date: 2020-12-01 Version: 1 Title: Security update for compat-openssl098 (Important) Description: OpenSSL was updated to fix various security issues. Following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys. - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. - CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines. - CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods. - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL apis do not use those by default. - CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data. - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default. - CVE-2009-5146: A memory leak in the TLS hostname extension was fixed, which could be used by remote attackers to run SSL services out of memory. Family: unix Class: patch Status: Reference(s): 1005778 1005780 1005781 1012382 1014136 1019695 1019696 1022604 1026236 1027519 1027575 1031460 1034845 1036470 1037243 1038564 1042160 1042863 1042882 1042892 1042893 1042915 1042923 1042924 1042931 1042938 1043074 1043297 1046191 1050751 1061305 1063638 1065600 1085535 1085539 1090888 1091396 1099658 1100132 1105010 1106110 1106284 1106929 1108293 1108838 1110785 1110946 1112063 1112178 1116803 1117562 1119086 1120642 1120843 1120902 1122293 1122299 1122776 1126040 1126356 1128052 1129138 1129770 1130972 1131107 1131488 1131565 1132212 1132472 1132728 1132729 1132732 1133135 1133188 1133874 1134160 1134162 1134338 1134537 1134564 1134565 1134566 1134651 1134760 1134806 1134813 1134848 1135013 1135014 1135015 1135100 1135120 1135281 1135603 1135642 1135661 1135878 1136424 1136438 1136448 1136449 1136451 1136452 1136455 1136458 1136539 1136573 1136575 1136586 1136590 1136623 1136810 1136935 1136990 1137142 1137162 1137586 1156669 808355 835827 836937 843419 852368 908994 915976 919648 920236 922488 922496 922499 922500 922501 935158 941500 951166 964336 983582 984751 985177 985348 989523 991069 CVE-2009-5146 CVE-2011-1946 CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 CVE-2014-2524 CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-7230 CVE-2014-7231 CVE-2014-8500 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-10911 CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10916 CVE-2017-10917 CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-14988 CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8112 CVE-2017-8309 CVE-2017-8890 CVE-2017-8905 CVE-2017-9242 CVE-2017-9330 CVE-2017-9374 CVE-2017-9503 CVE-2018-11212 CVE-2018-15473 CVE-2018-17972 CVE-2018-3639 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 CVE-2019-3846 CVE-2019-5489 SUSE-SU-2015:0553-2 SUSE-SU-2015:1676-2 SUSE-SU-2016:2653-1 SUSE-SU-2017:1812-1 SUSE-SU-2017:2090-1 SUSE-SU-2017:2092-1 SUSE-SU-2018:3910-1 SUSE-SU-2019:1219-1 SUSE-SU-2019:1532-1 SUSE-SU-2019:2014-1 SUSE-SU-2019:3369-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information MozillaThunderbird-52.7-lp150.2 is installed OR MozillaThunderbird-translations-common-52.7-lp150.2 is installed OR MozillaThunderbird-translations-other-52.7-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libu2f-host-1.1.6-lp151.2.6 is installed OR libu2f-host-devel-1.1.6-lp151.2.6 is installed OR libu2f-host-doc-1.1.6-lp151.2.6 is installed OR libu2f-host0-1.1.6-lp151.2.6 is installed OR pam_u2f-1.0.8-lp151.2.3 is installed OR u2f-host-1.1.6-lp151.2.6 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information hplip-3.11.10-0.6.11 is installed OR hplip-hpijs-3.11.10-0.6.11 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND wireshark-1.12.7-0.5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information compat-openssl098-0.9.8j-73 is installed OR libopenssl0_9_8-0.9.8j-73 is installed OR libopenssl0_9_8-32bit-0.9.8j-73 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information kernel-default-4.4.180-94.97 is installed OR kernel-default-devel-4.4.180-94.97 is installed OR kernel-default-extra-4.4.180-94.97 is installed OR kernel-devel-4.4.180-94.97 is installed OR kernel-macros-4.4.180-94.97 is installed OR kernel-source-4.4.180-94.97 is installed OR kernel-syms-4.4.180-94.97 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information openssh-7.2p2-74.30 is installed OR openssh-askpass-gnome-7.2p2-74.30 is installed OR openssh-helpers-7.2p2-74.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information bash-4.2-75 is installed OR bash-doc-4.2-75 is installed OR libreadline6-6.2-75 is installed OR libreadline6-32bit-6.2-75 is installed OR readline-doc-6.2-75 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information xen-4.5.5_12-22.18 is installed OR xen-doc-html-4.5.5_12-22.18 is installed OR xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18 is installed OR xen-libs-4.5.5_12-22.18 is installed OR xen-libs-32bit-4.5.5_12-22.18 is installed OR xen-tools-4.5.5_12-22.18 is installed OR xen-tools-domU-4.5.5_12-22.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information fuse-2.9.3-5 is installed OR libfuse2-2.9.3-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information java-1_7_0-openjdk-1.7.0.201-43.18 is installed OR java-1_7_0-openjdk-demo-1.7.0.201-43.18 is installed OR java-1_7_0-openjdk-devel-1.7.0.201-43.18 is installed OR java-1_7_0-openjdk-headless-1.7.0.201-43.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information bind-9.9.9P1-63.12 is installed OR bind-chrootenv-9.9.9P1-63.12 is installed OR bind-doc-9.9.9P1-63.12 is installed OR bind-libs-9.9.9P1-63.12 is installed OR bind-utils-9.9.9P1-63.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_38-default-9-2 is installed OR kgraft-patch-SLE12-SP2_Update_13-9-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information eog-3.20.4-7 is installed OR eog-lang-3.20.4-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information python-cffi-1.11.2-5.11 is installed OR python-cryptography-2.1.4-7.28 is installed OR python-xattr-0.7.5-6.3 is installed OR python3-cffi-1.11.2-5.11 is installed OR python3-cryptography-2.1.4-7.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND mutt-1.10.1-55.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND lftp-4.7.4-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information openstack-trove-4.0.1~a0~dev2-2 is installed OR openstack-trove-api-4.0.1~a0~dev2-2 is installed OR openstack-trove-conductor-4.0.1~a0~dev2-2 is installed OR openstack-trove-guestagent-4.0.1~a0~dev2-2 is installed OR openstack-trove-taskmanager-4.0.1~a0~dev2-2 is installed OR python-trove-4.0.1~a0~dev2-2 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND nodejs6-6.14.3-11.15 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND sudo-1.8.20p2-3.14 is installed
BACK