Vulnerability CVE-2007-3108 - CERT Civis.Net

Vulnerability Name:

CVE-2007-3108 (CCN-35781)

Assigned:

2007-08-01

Published:

2007-08-01

Updated:

2018-10-16

Summary:

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
0.9 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2007-3108

Source: CONFIRM
Type: UNKNOWN
http://cvs.openssl.org/chngview?cn=16275

Source: CCN
Type: Security-announce Mailing List, Mon Jan 7 17:46:23 PST 2008
VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: MLIST
Type: UNKNOWN
[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: CCN
Type: VMware Security-Announce Mailing List, Tue Jan 22 16:42:45 PST 2008
UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: CCN
Type: OpenSSL Web site
patch-CVE-2007-3108

Source: CONFIRM
Type: UNKNOWN
http://openssl.org/news/patch-CVE-2007-3108.txt

Source: CCN
Type: RHSA-2007-0813
Moderate: openssl security update

Source: CCN
Type: RHSA-2007-0964
Important: openssl security update

Source: CCN
Type: RHSA-2007-1003
Moderate: openssl security and bug fix update

Source: CCN
Type: SA26411
rPath update for openssl

Source: SECUNIA
Type: UNKNOWN
26411

Source: CCN
Type: SA26893
rPath update for openssl

Source: SECUNIA
Type: UNKNOWN
26893

Source: CCN
Type: SA27021
Ubuntu update for openssl

Source: SECUNIA
Type: UNKNOWN
27021

Source: CCN
Type: SA27078
Mandriva update for openssl

Source: SECUNIA
Type: UNKNOWN
27078

Source: CCN
Type: SA27097
Gentoo update for openssl

Source: SECUNIA
Type: UNKNOWN
27097

Source: CCN
Type: SA27205
Red Hat update for openssl

Source: SECUNIA
Type: UNKNOWN
27205

Source: CCN
Type: SA27330
Red Hat update for openssl

Source: SECUNIA
Type: UNKNOWN
27330

Source: CCN
Type: SA27770
Blue Coat Products OpenSSL RSA Key Reconstruction Weakness

Source: SECUNIA
Type: UNKNOWN
27770

Source: CCN
Type: SA27870
Avaya Products OpenSSL Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27870

Source: CCN
Type: SA28368
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: UNKNOWN
28368

Source: CCN
Type: SA30161
Gentoo ltsp Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30161

Source: CCN
Type: SA30220
Debian OpenSSL Predictable Random Number Generator and Update

Source: SECUNIA
Type: UNKNOWN
30220

Source: CCN
Type: SA31467
VMware updates for OpenSSL, net-snmp, and perl

Source: SECUNIA
Type: UNKNOWN
31467

Source: CCN
Type: SA31489
VMware ESXi OpenSSL Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31489

Source: CCN
Type: SA31531
Reflection for Secure IT Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31531

Source: CCN
Type: SA40555
Sun Solaris OpenSSL Side-Channel Information Disclosure

Source: GENTOO
Type: UNKNOWN
GLSA-200710-06

Source: CCN
Type: Attachmate Technical Note 2374
Reflection for Secure IT UNIX Client and Server 7.0 Service Pack 1 (SP1): Fixes and Features

Source: CONFIRM
Type: UNKNOWN
http://support.attachmate.com/techdocs/2374.html

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm

Source: CCN
Type: ASA-2007-485
OpenSSL security update (RHSA-2007-0813)

Source: CCN
Type: ASA-2007-524
OpenSSL security and bug fix update (RHSA-2007-1003)

Source: CCN
Type: Blue Coat Systems Security Advisory
OPENSSL RSA KEY RECONSTRUCTION VULNERABILITY (CVE-2007-3108, VU#724968)

Source: CONFIRM
Type: UNKNOWN
http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-1571

Source: DEBIAN
Type: DSA-1571
openssl -- predictable random number generator

Source: CCN
Type: GLSA-200710-06
OpenSSL: Multiple vulnerabilities

Source: CCN
Type: GLSA-200805-07
Linux Terminal Server Project: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200805-07

Source: CCN
Type: US-CERT VU#724968
RSA key reconstruction vulnerability

Source: CERT-VN
Type: US Government Resource
VU#724968

Source: CONFIRM
Type: UNKNOWN
http://www.kb.cert.org/vuls/id/RGII-74KLP3

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:193

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0813

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0964

Source: REDHAT
Type: UNKNOWN
RHSA-2007:1003

Source: BUGTRAQ
Type: UNKNOWN
20070813 FLEA-2007-0043-1 openssl

Source: BUGTRAQ
Type: UNKNOWN
20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: BUGTRAQ
Type: UNKNOWN
20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: BID
Type: Patch
25163

Source: CCN
Type: BID-25163
OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability

Source: CCN
Type: BID-30723
Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities

Source: CCN
Type: TLSA-2007-52
Multiple vulnerabilities exist in openssl

Source: CCN
Type: USN-522-1
OpenSSL vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Source: CCN
Type: VMSA-2008-0013
Updated ESX packages for OpenSSL, net-snmp, perl

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0013.html

Source: VUPEN
Type: UNKNOWN
ADV-2007-2759

Source: VUPEN
Type: UNKNOWN
ADV-2007-4010

Source: VUPEN
Type: UNKNOWN
ADV-2008-0064

Source: VUPEN
Type: UNKNOWN
ADV-2008-2361

Source: VUPEN
Type: UNKNOWN
ADV-2008-2362

Source: VUPEN
Type: UNKNOWN
ADV-2008-2396

Source: XF
Type: UNKNOWN
openssl-bnfrom-information-disclosure(35781)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1613

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1633

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9984

Source: UBUNTU
Type: UNKNOWN
USN-522-1

Vulnerable Configuration:

Configuration 1:

cpe:/a:openssl:openssl:*:*:*:*:*:*:*:* (Version <= 0.9.8e)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:bluecoat:reporter:-:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:2.0:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*

OR cpe:/h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*

OR cpe:/h:bluecoat:proxyav:*:*:*:*:*:*:*:*

OR cpe:/h:bluecoat:proxysg:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20073108	V	CVE-2007-3108	2022-06-30
oval:org.opensuse.security:def:42369	P	Security update for dnsmasq (Important)	2022-04-22
oval:org.opensuse.security:def:42166	P	Security update for protobuf (Moderate)	2022-03-30
oval:org.opensuse.security:def:112743	P	libopenssl-devel-1.1.1l-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112740	P	libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112741	P	libopenssl-1_1-devel-1.1.1l-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26223	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:31373	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:26182	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:26181	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:31312	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:32205	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:31281	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:26142	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:106213	P	libopenssl-1_1-devel-1.1.1l-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106215	P	libopenssl-devel-1.1.1l-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106212	P	libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:31684	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31680	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:32183	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31672	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:26101	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:26097	P	Security update for lasso (Important)	2021-08-02
oval:org.opensuse.security:def:31238	P	Security update for qemu (Important)	2021-07-29
oval:org.opensuse.security:def:26095	P	Security update for glibc (Moderate)	2021-07-27
oval:org.opensuse.security:def:31226	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31227	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:32144	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:26085	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:31647	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:32126	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32124	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:36206	P	libopenssl0_9_8-0.9.8j-0.70.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36470	P	libopenssl-devel-0.9.8j-0.70.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42613	P	libopenssl0_9_8-0.9.8j-0.70.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32926	P	Security update for libX11 (Moderate)	2021-05-26
oval:org.opensuse.security:def:32095	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:26041	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:26040	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:26027	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:31149	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:32282	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:31739	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:32268	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31729	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:26191	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:32249	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31673	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:26031	P	Security update for php74 (Moderate)	2021-01-14
oval:org.opensuse.security:def:25973	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:42002	P	libopenssl0_9_8-0.9.8h-30.27.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42755	P	libopenssl1-devel-1.0.1g-0.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35595	P	libopenssl0_9_8-0.9.8h-30.27.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36348	P	libopenssl1-devel-1.0.1g-0.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32002	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35759	P	libopenssl0_9_8-0.9.8j-0.26.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35962	P	libopenssl0_9_8-0.9.8j-0.50.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25310	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25350	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25735	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26019	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26239	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26751	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27468	P	libopenssl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31441	P	Security update for pixman (Moderate)	2020-12-01
oval:org.opensuse.security:def:32424	P	Security update for wpa_supplicant (Important)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33130	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25321	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25594	P	Security update for targetcli-fb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25886	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26230	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26926	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26020	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:26445	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:31778	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26795	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31515	P	Security update for quagga (Low)	2020-12-01
oval:org.opensuse.security:def:32039	P	Security update for kernel modules packages (Moderate)	2020-12-01
oval:org.opensuse.security:def:32480	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32448	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33169	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25512	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:25385	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:25651	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:26385	P	Security update for go (Moderate)	2020-12-01
oval:org.opensuse.security:def:26244	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:26961	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26304	P	Security update for python-keystoneclient (Moderate)	2020-12-01
oval:org.opensuse.security:def:26596	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31817	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:32521	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31890	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:32529	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32634	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25513	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25716	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25938	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:26434	P	Security update for pdns (Important)	2020-12-01
oval:org.opensuse.security:def:26288	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31063	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26361	P	Security update for kopete (Low)	2020-12-01
oval:org.opensuse.security:def:31892	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:31839	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32560	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31982	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25776	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32568	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33272	P	tcpdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25524	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25797	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27169	P	libFLAC++6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31064	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31517	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:31941	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32046	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31814	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:31758	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25825	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32590	P	pam_ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33311	P	libopenssl1-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25755	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25588	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25854	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26527	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26487	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:27204	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31075	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:31980	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32684	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31815	P	Security update for apache2-mod_perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32032	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25864	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26560	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25756	P	Security update for python, python-base, python-doc (Moderate)	2020-12-01
oval:org.opensuse.security:def:25959	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26576	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26531	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31593	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32723	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25146	P	Security update for man (Moderate)	2020-12-01
oval:org.opensuse.security:def:31826	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:25878	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26595	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25767	P	Security update for DirectFB (Important)	2020-12-01
oval:org.opensuse.security:def:26332	P	Security update for karchive (Important)	2020-12-01
oval:org.opensuse.security:def:26615	P	mozilla-xulrunner191 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27311	P	unixODBC_23 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31444	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:25147	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31900	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:25572	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:25988	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25922	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25897	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25831	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26649	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26629	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27346	P	libopenssl1-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31536	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:32887	P	java-1_7_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25158	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25431	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25723	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26723	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25898	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26323	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26698	P	foomatic-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26673	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31429	P	Recommended update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31796	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32338	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25309	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:25222	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25488	P	Security update for file-roller (Low)	2020-12-01
oval:org.opensuse.security:def:26758	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25909	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26474	P	Security update for znc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26737	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27433	P	libarchive-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31430	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31883	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32387	P	Security update for tomcat6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32492	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:17415	P	USN-522-1 -- openssl vulnerabilities	2014-06-30
oval:org.mitre.oval:def:20219	P	DSA-1571-1 openssl - predictable random number generator	2014-06-23
oval:org.mitre.oval:def:7946	P	DSA-1571 openssl -- predictable random number generator	2014-06-23
oval:org.mitre.oval:def:22488	P	ELSA-2007:0964: openssl security update (Important)	2014-05-26
oval:org.mitre.oval:def:9984	V	The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.	2013-04-29
oval:com.redhat.rhsa:def:20071003	P	RHSA-2007:1003: openssl security and bug fix update (Moderate)	2007-11-15
oval:com.redhat.rhsa:def:20070813	P	RHSA-2007:0813: openssl security update (Moderate)	2007-10-22
oval:com.redhat.rhsa:def:20070964	P	RHSA-2007:0964: openssl security update (Important)	2007-10-16