Vulnerability CVE-2007-5135 - CERT Civis.Net

Vulnerability Name:

CVE-2007-5135 (CCN-36837)

Assigned:

2007-09-27

Published:

2007-09-27

Updated:

2018-10-15

Summary:

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.
Note: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189
CWE-193

Vulnerability Consequences:

Gain Access

References:

Source: NETBSD
Type: UNKNOWN
NetBSD-SA2008-007

Source: CCN
Type: BugTraq Mailing List, Thu Sep 27 2007 - 11:21:40 CDT
OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Source: MITRE
Type: CNA
CVE-2007-5135

Source: CCN
Type: OpenSSL CVS Repository
OpenSSL_0_9_8-stable branch

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-07-31

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:005

Source: CCN
Type: Security-announce Mailing List, Mon Jan 7 17:46:23 PST 2008
VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: MLIST
Type: UNKNOWN
[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: CCN
Type: RHSA-2007-0813
Moderate: openssl security update

Source: CCN
Type: RHSA-2007-0964
Important: openssl security update

Source: CCN
Type: RHSA-2007-1003
Moderate: openssl security and bug fix update

Source: CCN
Type: SA22130
OpenSSL Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22130

Source: SECUNIA
Type: Vendor Advisory
27012

Source: CCN
Type: SA27021
Ubuntu update for openssl

Source: SECUNIA
Type: Vendor Advisory
27021

Source: SECUNIA
Type: Vendor Advisory
27031

Source: SECUNIA
Type: Vendor Advisory
27051

Source: CCN
Type: SA27078
Mandriva update for openssl

Source: SECUNIA
Type: Vendor Advisory
27078

Source: CCN
Type: SA27097
Gentoo update for openssl

Source: SECUNIA
Type: Vendor Advisory
27097

Source: SECUNIA
Type: Vendor Advisory
27186

Source: CCN
Type: SA27205
Red Hat update for openssl

Source: SECUNIA
Type: Vendor Advisory
27205

Source: SECUNIA
Type: Vendor Advisory
27217

Source: SECUNIA
Type: Vendor Advisory
27229

Source: CCN
Type: SA27330
Red Hat update for openssl

Source: SECUNIA
Type: Vendor Advisory
27330

Source: CCN
Type: SA27394
Sun Solaris 10 OpenSSL "SSL_get_shared_ciphers()" Vulnerability

Source: SECUNIA
Type: Vendor Advisory
27394

Source: SECUNIA
Type: Vendor Advisory
27851

Source: CCN
Type: SA27870
Avaya Products OpenSSL Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27870

Source: CCN
Type: SA27961
IBM HMC Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27961

Source: CCN
Type: SA28368
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: Vendor Advisory
28368

Source: CCN
Type: SA28667
IBM Hardware Management Console Pegasus CIM Denial of Service

Source: SECUNIA
Type: UNKNOWN
29242

Source: SECUNIA
Type: UNKNOWN
30124

Source: CCN
Type: SA30161
Gentoo ltsp Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30161

Source: SECUNIA
Type: UNKNOWN
31308

Source: CCN
Type: SA31326
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31326

Source: CCN
Type: SA31467
VMware updates for OpenSSL, net-snmp, and perl

Source: SECUNIA
Type: UNKNOWN
31467

Source: CCN
Type: SA31489
VMware ESXi OpenSSL Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31489

Source: CCN
Type: FreeBSD-SA-07:08.openssl
Buffer overflow in OpenSSL SSL_get_shared_ciphers()

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-07:08

Source: GENTOO
Type: UNKNOWN
GLSA-200710-06

Source: SREASON
Type: UNKNOWN
3179

Source: CCN
Type: SECTRACK ID: 1018755
OpenSSL Off-by-one Overflow in SL_get_shared_ciphers() Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Sun Alert ID: 103130
Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function

Source: SUNALERT
Type: UNKNOWN
103130

Source: CCN
Type: Sun Alert ID: 200858
Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function

Source: SUNALERT
Type: UNKNOWN
200858

Source: CCN
Type: Apple Web site
About Security Update 2008-005

Source: CCN
Type: ASA-2007-481
Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function (Sun 103130)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm

Source: CCN
Type: ASA-2007-485
OpenSSL security update (RHSA-2007-0813)

Source: CCN
Type: ASA-2007-522
HP-UX Running Apache Remote Execution of Arbitrary Code (HPSBUX02292)

Source: CCN
Type: ASA-2007-524
OpenSSL security and bug fix update (RHSA-2007-1003)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241

Source: DEBIAN
Type: UNKNOWN
DSA-1379

Source: DEBIAN
Type: DSA-1379
openssl -- off-by-one error/buffer overflow

Source: CCN
Type: GLSA-200710-06
OpenSSL: Multiple vulnerabilities

Source: CCN
Type: GLSA-200805-07
Linux Terminal Server Project: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200805-07

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:193

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:020

Source: OPENBSD
Type: UNKNOWN
[4.0] 017: SECURITY FIX: October 10, 2007

Source: OPENBSD
Type: UNKNOWN
[4.1] 011: SECURITY FIX: October 10, 2007

Source: OPENBSD
Type: UNKNOWN
[4.2] 002: SECURITY FIX: October 10, 2007

Source: CCN
Type: OpenBSD 4.2 release errata & patch list: 002: SECURITY FIX: October 10, 2007
The SSL_get_shared_ciphers() function in OpenSSL contains an off-by-one overflow.

Source: CCN
Type: OpenSSL Web site
OpenSSL:The Open Source toolkit for SSL/TLS

Source: CCN
Type: OpenSSL Security Advisory [12-Oct-2007]
flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled

Source: CONFIRM
Type: UNKNOWN
http://www.openssl.org/news/secadv_20071012.txt

Source: REDHAT
Type: Vendor Advisory
RHSA-2007:0813

Source: REDHAT
Type: Vendor Advisory
RHSA-2007:0964

Source: REDHAT
Type: Vendor Advisory
RHSA-2007:1003

Source: BUGTRAQ
Type: UNKNOWN
20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Source: BUGTRAQ
Type: UNKNOWN
20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Source: BUGTRAQ
Type: UNKNOWN
20071003 FLEA-2007-0058-1 openssl openssl-scripts

Source: BUGTRAQ
Type: UNKNOWN
20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Source: HP
Type: UNKNOWN
HPSBUX02292

Source: BUGTRAQ
Type: UNKNOWN
20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: BUGTRAQ
Type: UNKNOWN
20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

Source: BID
Type: UNKNOWN
25831

Source: CCN
Type: BID-25831
OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018755

Source: CCN
Type: TLSA-2007-52
Multiple vulnerabilities exist in openssl

Source: CCN
Type: USN-522-1
OpenSSL vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Source: CCN
Type: VMSA-2008-0013
Updated ESX packages for OpenSSL, net-snmp, perl

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0013.html

Source: VUPEN
Type: UNKNOWN
ADV-2007-3325

Source: VUPEN
Type: UNKNOWN
ADV-2007-3625

Source: VUPEN
Type: UNKNOWN
ADV-2007-4042

Source: VUPEN
Type: UNKNOWN
ADV-2007-4144

Source: VUPEN
Type: UNKNOWN
ADV-2008-0064

Source: VUPEN
Type: UNKNOWN
ADV-2008-2268

Source: VUPEN
Type: UNKNOWN
ADV-2008-2361

Source: VUPEN
Type: UNKNOWN
ADV-2008-2362

Source: CCN
Type: IBM Subscription service
Security fix for HMC Version 6 Release 1.3

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038

Source: MISC
Type: UNKNOWN
https://bugs.gentoo.org/show_bug.cgi?id=194039

Source: XF
Type: UNKNOWN
openssl-sslgetshared-bo(36837)

Source: XF
Type: UNKNOWN
openssl-sslgetshared-bo(36837)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1769

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1770

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10904

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5337

Source: UBUNTU
Type: UNKNOWN
USN-522-1

Source: FEDORA
Type: Vendor Advisory
FEDORA-2007-725

Source: SUSE
Type: SUSE-SR:2007:020
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2008:005
SUSE Security Summary Report

Source: CCN
Type: IBM Systems Support Web site
Support for HMC

Vulnerable Configuration:

Configuration 1:

cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:hardware_management_console:6.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:hardware_management_console:7.3.2.0:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

AND

cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*

OR cpe:/h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20075135	V	CVE-2007-5135	2022-06-30
oval:org.opensuse.security:def:42369	P	Security update for dnsmasq (Important)	2022-04-22
oval:org.opensuse.security:def:42166	P	Security update for protobuf (Moderate)	2022-03-30
oval:org.opensuse.security:def:112741	P	libopenssl-1_1-devel-1.1.1l-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112743	P	libopenssl-devel-1.1.1l-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112740	P	libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26223	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:31373	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:26182	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:26181	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:31312	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:32205	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26142	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:31281	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:106212	P	libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106213	P	libopenssl-1_1-devel-1.1.1l-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106215	P	libopenssl-devel-1.1.1l-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:31684	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:32183	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:31680	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31672	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:26101	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:26097	P	Security update for lasso (Important)	2021-08-02
oval:org.opensuse.security:def:31238	P	Security update for qemu (Important)	2021-07-29
oval:org.opensuse.security:def:26095	P	Security update for glibc (Moderate)	2021-07-27
oval:org.opensuse.security:def:31226	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31227	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:32144	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:26085	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:31647	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:32126	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32124	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:36470	P	libopenssl-devel-0.9.8j-0.70.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42613	P	libopenssl0_9_8-0.9.8j-0.70.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36206	P	libopenssl0_9_8-0.9.8j-0.70.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32926	P	Security update for libX11 (Moderate)	2021-05-26
oval:org.opensuse.security:def:32095	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:26041	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:26040	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:26027	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:31149	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:32282	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:31739	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:32268	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31729	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:26191	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:32249	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31673	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:26031	P	Security update for php74 (Moderate)	2021-01-14
oval:org.opensuse.security:def:25973	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:35962	P	libopenssl0_9_8-0.9.8j-0.50.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42002	P	libopenssl0_9_8-0.9.8h-30.27.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42755	P	libopenssl1-devel-1.0.1g-0.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35595	P	libopenssl0_9_8-0.9.8h-30.27.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36348	P	libopenssl1-devel-1.0.1g-0.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32002	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35759	P	libopenssl0_9_8-0.9.8j-0.26.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25147	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31900	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:25572	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:25988	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25922	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25897	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25831	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26649	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26629	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27346	P	libopenssl1-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31536	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:32887	P	java-1_7_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25158	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25431	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25723	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26723	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25898	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26323	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26698	P	foomatic-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26673	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31429	P	Recommended update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31796	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32338	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25309	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:25222	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25488	P	Security update for file-roller (Low)	2020-12-01
oval:org.opensuse.security:def:26758	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25909	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26474	P	Security update for znc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26737	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27433	P	libarchive-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31430	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31883	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32387	P	Security update for tomcat6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32492	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25310	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25350	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25735	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26019	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26239	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26751	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27468	P	libopenssl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31441	P	Security update for pixman (Moderate)	2020-12-01
oval:org.opensuse.security:def:32424	P	Security update for wpa_supplicant (Important)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33130	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25321	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25594	P	Security update for targetcli-fb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25886	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26230	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26926	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26020	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:26445	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:31778	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26795	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31515	P	Security update for quagga (Low)	2020-12-01
oval:org.opensuse.security:def:32039	P	Security update for kernel modules packages (Moderate)	2020-12-01
oval:org.opensuse.security:def:32480	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32448	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33169	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25512	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:25385	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:25651	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:26385	P	Security update for go (Moderate)	2020-12-01
oval:org.opensuse.security:def:26244	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:26961	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26304	P	Security update for python-keystoneclient (Moderate)	2020-12-01
oval:org.opensuse.security:def:26596	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31817	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:32521	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31890	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:32529	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32634	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25513	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25716	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25938	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:26434	P	Security update for pdns (Important)	2020-12-01
oval:org.opensuse.security:def:26288	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31063	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26361	P	Security update for kopete (Low)	2020-12-01
oval:org.opensuse.security:def:31892	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:31839	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32560	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31982	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25776	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32568	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33272	P	tcpdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25524	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25797	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27169	P	libFLAC++6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31064	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31517	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:31941	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:32046	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31814	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:31758	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25825	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32590	P	pam_ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33311	P	libopenssl1-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25755	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25588	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25854	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26527	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26487	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:27204	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31075	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:31980	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32684	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31815	P	Security update for apache2-mod_perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32032	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25864	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26560	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25756	P	Security update for python, python-base, python-doc (Moderate)	2020-12-01
oval:org.opensuse.security:def:25959	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26576	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26531	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31593	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32723	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25146	P	Security update for man (Moderate)	2020-12-01
oval:org.opensuse.security:def:31826	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:25878	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26595	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25767	P	Security update for DirectFB (Important)	2020-12-01
oval:org.opensuse.security:def:26332	P	Security update for karchive (Important)	2020-12-01
oval:org.opensuse.security:def:26615	P	mozilla-xulrunner191 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27311	P	unixODBC_23 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31444	P	Security update for poppler (Moderate)	2020-12-01
oval:org.mitre.oval:def:17415	P	USN-522-1 -- openssl vulnerabilities	2014-06-30
oval:org.mitre.oval:def:18654	P	DSA-1379-1 openssl - arbitrary code execution	2014-06-23
oval:org.mitre.oval:def:22488	P	ELSA-2007:0964: openssl security update (Important)	2014-05-26
oval:org.mitre.oval:def:10904	V	Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.	2013-04-29
oval:org.mitre.oval:def:5337	V	Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function	2008-03-24
oval:com.redhat.rhsa:def:20071003	P	RHSA-2007:1003: openssl security and bug fix update (Moderate)	2007-11-15
oval:com.redhat.rhsa:def:20070813	P	RHSA-2007:0813: openssl security update (Moderate)	2007-10-22
oval:com.redhat.rhsa:def:20070964	P	RHSA-2007:0964: openssl security update (Important)	2007-10-16
oval:org.debian:def:1379	V	off-by-one error/buffer overflow	2007-10-02