Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-0739 (GCVE-0-2018-0739)
Vulnerability from cvelistv5 – Published: 2018-03-27 21:00 – Updated: 2024-09-16 22:35
VLAI
EPSS
Title
Constructed ASN.1 types with a recursive definition could exceed the stack
Summary
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
Severity
No CVSS data available.
CWE
- Stack overflow
Assigner
References
34 references
Impacted products
Date Public
2018-03-27 00:00
Credits
OSS-fuzz
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3611-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3611-2/"
},
{
"name": "DSA-4158",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4158"
},
{
"name": "GLSA-201811-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-21"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "DSA-4157",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4157"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "103518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103518"
},
{
"name": "1040576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040576"
},
{
"name": "RHSA-2018:3221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name": "105609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105609"
},
{
"name": "USN-3611-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3611-1/"
},
{
"name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "RHSA-2018:3090",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3090"
},
{
"name": "RHSA-2019:1711",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1711"
},
{
"name": "RHSA-2019:1712",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "GLSA-202007-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20180327.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OSS-fuzz"
}
],
"datePublic": "2018-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:53:11.000Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "USN-3611-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3611-2/"
},
{
"name": "DSA-4158",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4158"
},
{
"name": "GLSA-201811-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-21"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "DSA-4157",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4157"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "103518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103518"
},
{
"name": "1040576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040576"
},
{
"name": "RHSA-2018:3221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name": "105609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105609"
},
{
"name": "USN-3611-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3611-1/"
},
{
"name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "RHSA-2018:3090",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3090"
},
{
"name": "RHSA-2019:1711",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1711"
},
{
"name": "RHSA-2019:1712",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "GLSA-202007-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20180327.txt"
}
],
"title": "Constructed ASN.1 types with a recursive definition could exceed the stack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-03-27",
"ID": "CVE-2018-0739",
"STATE": "PUBLIC",
"TITLE": "Constructed ASN.1 types with a recursive definition could exceed the stack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
},
{
"version_value": "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OSS-fuzz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3611-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3611-2/"
},
{
"name": "DSA-4158",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4158"
},
{
"name": "GLSA-201811-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-21"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "DSA-4157",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4157"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "103518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103518"
},
{
"name": "1040576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040576"
},
{
"name": "RHSA-2018:3221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name": "105609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105609"
},
{
"name": "USN-3611-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3611-1/"
},
{
"name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "RHSA-2018:3090",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3090"
},
{
"name": "RHSA-2019:1711",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1711"
},
{
"name": "RHSA-2019:1712",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1712"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "GLSA-202007-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.tenable.com/security/tns-2018-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-07"
},
{
"name": "https://www.tenable.com/security/tns-2018-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d"
},
{
"name": "https://www.tenable.com/security/tns-2018-06",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180330-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
},
{
"name": "https://www.openssl.org/news/secadv/20180327.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2018-0739",
"datePublished": "2018-03-27T21:00:00.000Z",
"dateReserved": "2017-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:35:29.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-0739",
"date": "2026-05-27",
"epss": "0.14445",
"percentile": "0.94521"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.2b\", \"versionEndIncluding\": \"1.0.2n\", \"matchCriteriaId\": \"FFF63A06-9A8B-4280-A52D-4280136908CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.1.0\", \"versionEndIncluding\": \"1.1.0g\", \"matchCriteriaId\": \"322768B5-2E14-40B9-A784-8981F4376E13\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).\"}, {\"lang\": \"es\", \"value\": \"Los tipos constructed ASN.1 con una definici\\u00f3n recursiva (como la que podemos encontrar en PKCS7) podr\\u00edan acabar excediendo la pila debido a entradas maliciosas con recursi\\u00f3n excesiva. Esto podr\\u00eda dar como resultado un ataque de denegaci\\u00f3n de servicio (DoS). No hay estructuras de este tipo empleadas en SSL/TLS que provengan de fuentes no fiables, por lo que se consideran seguras. Solucionado en OpenSSL 1.1.0h (versiones 1.1.0-1.1.0g afectadas). Solucionado en OpenSSL 1.0.2o (versiones 1.0.2b-1.0.2n afectadas).\"}]",
"id": "CVE-2018-0739",
"lastModified": "2024-11-21T03:38:50.910",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-03-27T21:29:00.673",
"references": "[{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.securityfocus.com/bid/103518\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/105609\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.securitytracker.com/id/1040576\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3090\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3221\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3505\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0366\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0367\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1711\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1712\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201811-21\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-53\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180330-0002/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180726-0002/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://usn.ubuntu.com/3611-1/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3611-2/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4157\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4158\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20180327.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-04\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-06\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-07\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/103518\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/105609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1040576\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3090\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0366\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1712\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201811-21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-53\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180330-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180726-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3611-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3611-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4158\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20180327.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-674\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-0739\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2018-03-27T21:29:00.673\",\"lastModified\":\"2024-11-21T03:38:50.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).\"},{\"lang\":\"es\",\"value\":\"Los tipos constructed ASN.1 con una definici\u00f3n recursiva (como la que podemos encontrar en PKCS7) podr\u00edan acabar excediendo la pila debido a entradas maliciosas con recursi\u00f3n excesiva. Esto podr\u00eda dar como resultado un ataque de denegaci\u00f3n de servicio (DoS). No hay estructuras de este tipo empleadas en SSL/TLS que provengan de fuentes no fiables, por lo que se consideran seguras. Solucionado en OpenSSL 1.1.0h (versiones 1.1.0-1.1.0g afectadas). Solucionado en OpenSSL 1.0.2o (versiones 1.0.2b-1.0.2n afectadas).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2b\",\"versionEndIncluding\":\"1.0.2n\",\"matchCriteriaId\":\"FFF63A06-9A8B-4280-A52D-4280136908CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndIncluding\":\"1.1.0g\",\"matchCriteriaId\":\"322768B5-2E14-40B9-A784-8981F4376E13\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.securityfocus.com/bid/103518\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105609\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.securitytracker.com/id/1040576\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3090\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3221\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3505\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1711\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1712\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.gentoo.org/glsa/201811-21\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.gentoo.org/glsa/202007-53\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180330-0002/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180726-0002/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://usn.ubuntu.com/3611-1/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3611-2/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4157\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4158\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20180327.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.tenable.com/security/tns-2018-04\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.tenable.com/security/tns-2018-06\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.tenable.com/security/tns-2018-07\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/103518\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1040576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201811-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202007-53\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180330-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180726-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3611-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3611-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20180327.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2018-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2018-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2018-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2018:0902-1
Vulnerability from csaf_suse - Published: 2018-04-08 19:39 - Updated: 2018-04-08 19:39Summary
Security update for openssl
Severity
Important
Notes
Title of the patch: Security update for openssl
Description of the patch: This update for openssl fixes the following issues:
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed
the stack. This could result in a Denial Of Service attack. (bsc#1087102)
Patchnames: SUSE-OpenStack-Cloud-6-2018-601,SUSE-SLE-SAP-12-SP1-2018-601,SUSE-SLE-SERVER-12-SP1-2018-601
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:libopenssl1_0_0-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:openssl-1.0.1i-54.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:openssl-doc-1.0.1i-54.11.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\n- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed\n the stack. This could result in a Denial Of Service attack. (bsc#1087102)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-6-2018-601,SUSE-SLE-SAP-12-SP1-2018-601,SUSE-SLE-SERVER-12-SP1-2018-601",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0902-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0902-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180902-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0902-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003878.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087102",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2018-04-08T19:39:55Z",
"generator": {
"date": "2018-04-08T19:39:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0902-1",
"initial_release_date": "2018-04-08T19:39:55Z",
"revision_history": [
{
"date": "2018-04-08T19:39:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.1i-54.11.1.noarch",
"product": {
"name": "openssl-doc-1.0.1i-54.11.1.noarch",
"product_id": "openssl-doc-1.0.1i-54.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.1i-54.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.11.1.ppc64le",
"product": {
"name": "openssl-1.0.1i-54.11.1.ppc64le",
"product_id": "openssl-1.0.1i-54.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.11.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1i-54.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.11.1.s390x",
"product": {
"name": "openssl-1.0.1i-54.11.1.s390x",
"product_id": "openssl-1.0.1i-54.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.11.1.x86_64",
"product": {
"name": "openssl-1.0.1i-54.11.1.x86_64",
"product_id": "openssl-1.0.1i-54.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6",
"product": {
"name": "SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:libopenssl1_0_0-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.11.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:openssl-1.0.1i-54.11.1.x86_64"
},
"product_reference": "openssl-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-54.11.1.noarch as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:openssl-doc-1.0.1i-54.11.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-54.11.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.ppc64le"
},
"product_reference": "openssl-1.0.1i-54.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.x86_64"
},
"product_reference": "openssl-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-54.11.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.11.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-54.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.ppc64le"
},
"product_reference": "openssl-1.0.1i-54.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.s390x"
},
"product_reference": "openssl-1.0.1i-54.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.x86_64"
},
"product_reference": "openssl-1.0.1i-54.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-54.11.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.11.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-54.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.11.1.noarch",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:openssl-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:openssl-doc-1.0.1i-54.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.11.1.noarch",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:openssl-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:openssl-doc-1.0.1i-54.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.11.1.noarch",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-32bit-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:openssl-1.0.1i-54.11.1.x86_64",
"SUSE OpenStack Cloud 6:openssl-doc-1.0.1i-54.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-08T19:39:55Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:0905-1
Vulnerability from csaf_suse - Published: 2018-04-09 19:43 - Updated: 2018-04-09 19:43Summary
Security update for openssl1
Severity
Important
Notes
Title of the patch: Security update for openssl1
Description of the patch: This update for openssl1 fixes the following issues:
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed
the stack. This could result in a Denial Of Service attack. (bsc#1087102)
Patchnames: secsp3-openssl1-13554
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl1 fixes the following issues:\n\n- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed\n the stack. This could result in a Denial Of Service attack. (bsc#1087102)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "secsp3-openssl1-13554",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0905-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0905-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180905-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0905-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003880.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087102",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for openssl1",
"tracking": {
"current_release_date": "2018-04-09T19:43:51Z",
"generator": {
"date": "2018-04-09T19:43:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0905-1",
"initial_release_date": "2018-04-09T19:43:51Z",
"revision_history": [
{
"date": "2018-04-09T19:43:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.i586",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.i586",
"product_id": "libopenssl1-devel-1.0.1g-0.58.9.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.i586",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.9.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.9.1.i586",
"product": {
"name": "openssl1-1.0.1g-0.58.9.1.i586",
"product_id": "openssl1-1.0.1g-0.58.9.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.9.1.i586",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.i586",
"product_id": "openssl1-doc-1.0.1g-0.58.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.ia64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.ia64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.9.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.ia64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.ia64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.9.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64",
"product": {
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64",
"product_id": "libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.9.1.ia64",
"product": {
"name": "openssl1-1.0.1g-0.58.9.1.ia64",
"product_id": "openssl1-1.0.1g-0.58.9.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.9.1.ia64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.ia64",
"product_id": "openssl1-doc-1.0.1g-0.58.9.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.ppc64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.ppc64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.9.1.ppc64",
"product": {
"name": "openssl1-1.0.1g-0.58.9.1.ppc64",
"product_id": "openssl1-1.0.1g-0.58.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.9.1.ppc64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.ppc64",
"product_id": "openssl1-doc-1.0.1g-0.58.9.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.s390x",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.s390x",
"product_id": "libopenssl1-devel-1.0.1g-0.58.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.9.1.s390x",
"product": {
"name": "openssl1-1.0.1g-0.58.9.1.s390x",
"product_id": "openssl1-1.0.1g-0.58.9.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.9.1.s390x",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.s390x",
"product_id": "openssl1-doc-1.0.1g-0.58.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.x86_64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.x86_64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.9.1.x86_64",
"product": {
"name": "openssl1-1.0.1g-0.58.9.1.x86_64",
"product_id": "openssl1-1.0.1g-0.58.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.9.1.x86_64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.x86_64",
"product_id": "openssl1-doc-1.0.1g-0.58.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product": {
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:security"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.i586"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ia64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ppc64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.s390x"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.9.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.x86_64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.i586"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ia64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64"
},
"product_reference": "libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.9.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.i586"
},
"product_reference": "openssl1-1.0.1g-0.58.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.9.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ia64"
},
"product_reference": "openssl1-1.0.1g-0.58.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.9.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ppc64"
},
"product_reference": "openssl1-1.0.1g-0.58.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.9.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.s390x"
},
"product_reference": "openssl1-1.0.1g-0.58.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.9.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.x86_64"
},
"product_reference": "openssl1-1.0.1g-0.58.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.i586"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ia64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ppc64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.s390x"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.9.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.x86_64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.9.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-09T19:43:51Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:0906-1
Vulnerability from csaf_suse - Published: 2018-04-09 19:43 - Updated: 2018-04-09 19:43Summary
Security update for openssl
Severity
Important
Notes
Title of the patch: Security update for openssl
Description of the patch: This update for openssl fixes the following issues:
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed
the stack. This could result in a Denial Of Service attack. (bsc#1087102)
Patchnames: SUSE-SLE-SERVER-12-2018-608
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.31.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\n- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed\n the stack. This could result in a Denial Of Service attack. (bsc#1087102)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2018-608",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0906-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0906-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180906-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0906-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003881.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087102",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2018-04-09T19:43:11Z",
"generator": {
"date": "2018-04-09T19:43:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0906-1",
"initial_release_date": "2018-04-09T19:43:11Z",
"revision_history": [
{
"date": "2018-04-09T19:43:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.1i-27.31.1.noarch",
"product": {
"name": "openssl-doc-1.0.1i-27.31.1.noarch",
"product_id": "openssl-doc-1.0.1i-27.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.31.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.31.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.1i-27.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.31.1.ppc64le",
"product": {
"name": "openssl-1.0.1i-27.31.1.ppc64le",
"product_id": "openssl-1.0.1i-27.31.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.31.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.31.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1i-27.31.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.31.1.s390x",
"product": {
"name": "openssl-1.0.1i-27.31.1.s390x",
"product_id": "openssl-1.0.1i-27.31.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.31.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.31.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1i-27.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.31.1.x86_64",
"product": {
"name": "openssl-1.0.1i-27.31.1.x86_64",
"product_id": "openssl-1.0.1i-27.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.ppc64le"
},
"product_reference": "openssl-1.0.1i-27.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.s390x"
},
"product_reference": "openssl-1.0.1i-27.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.x86_64"
},
"product_reference": "openssl-1.0.1i-27.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-27.31.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.31.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-27.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-09T19:43:11Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:0925-1
Vulnerability from csaf_suse - Published: 2018-04-11 16:03 - Updated: 2018-04-11 16:03Summary
Security update for openssl
Severity
Moderate
Notes
Title of the patch: Security update for openssl
Description of the patch: This update for openssl fixes the following issues:
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7)
could eventually exceed the stack given malicious input with excessive recursion. This could result
in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from
untrusted sources so this is considered safe. (bsc#1087102).
Patchnames: SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-624,SUSE-SLE-DESKTOP-12-SP2-2018-624,SUSE-SLE-DESKTOP-12-SP3-2018-624,SUSE-SLE-RPI-12-SP2-2018-624,SUSE-SLE-SDK-12-SP2-2018-624,SUSE-SLE-SDK-12-SP3-2018-624,SUSE-SLE-SERVER-12-SP2-2018-624,SUSE-SLE-SERVER-12-SP3-2018-624
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP2:openssl-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) \n could eventually exceed the stack given malicious input with excessive recursion. This could result \n in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from \n untrusted sources so this is considered safe. (bsc#1087102).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-624,SUSE-SLE-DESKTOP-12-SP2-2018-624,SUSE-SLE-DESKTOP-12-SP3-2018-624,SUSE-SLE-RPI-12-SP2-2018-624,SUSE-SLE-SDK-12-SP2-2018-624,SUSE-SLE-SDK-12-SP3-2018-624,SUSE-SLE-SERVER-12-SP2-2018-624,SUSE-SLE-SERVER-12-SP3-2018-624",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0925-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0925-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180925-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0925-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003886.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087102",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2018-04-11T16:03:27Z",
"generator": {
"date": "2018-04-11T16:03:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0925-1",
"initial_release_date": "2018-04-11T16:03:27Z",
"revision_history": [
{
"date": "2018-04-11T16:03:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"product": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"product_id": "libopenssl-devel-1.0.2j-60.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.24.1.aarch64",
"product": {
"name": "openssl-1.0.2j-60.24.1.aarch64",
"product_id": "openssl-1.0.2j-60.24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.2j-60.24.1.noarch",
"product": {
"name": "openssl-doc-1.0.2j-60.24.1.noarch",
"product_id": "openssl-doc-1.0.2j-60.24.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"product": {
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"product_id": "libopenssl-devel-1.0.2j-60.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.24.1.ppc64le",
"product": {
"name": "openssl-1.0.2j-60.24.1.ppc64le",
"product_id": "openssl-1.0.2j-60.24.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"product": {
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"product_id": "libopenssl-devel-1.0.2j-60.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"product_id": "libopenssl1_0_0-1.0.2j-60.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.24.1.s390x",
"product": {
"name": "openssl-1.0.2j-60.24.1.s390x",
"product_id": "openssl-1.0.2j-60.24.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"product": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"product_id": "libopenssl-devel-1.0.2j-60.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.24.1.x86_64",
"product": {
"name": "openssl-1.0.2j-60.24.1.x86_64",
"product_id": "openssl-1.0.2j-60.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:openssl-1.0.2j-60.24.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.24.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-1.0.2j-60.24.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.24.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.24.1.noarch as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.24.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.24.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.24.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.24.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libopenssl-devel-1.0.2j-60.24.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-11T16:03:27Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:0975-1
Vulnerability from csaf_suse - Published: 2018-04-18 06:31 - Updated: 2018-04-18 06:31Summary
Security update for openssl
Severity
Important
Notes
Title of the patch: Security update for openssl
Description of the patch: This update for openssl fixes the following issues:
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed
the stack. This could result in a Denial Of Service attack. (bsc#1087102)
Patchnames: sdksp4-openssl-13565,slessp4-openssl-13565,slestso13-openssl-13565
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\n- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed\n the stack. This could result in a Denial Of Service attack. (bsc#1087102)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-openssl-13565,slessp4-openssl-13565,slestso13-openssl-13565",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0975-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0975-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180975-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0975-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003897.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087102",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2018-04-18T06:31:16Z",
"generator": {
"date": "2018-04-18T06:31:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0975-1",
"initial_release_date": "2018-04-18T06:31:16Z",
"revision_history": [
{
"date": "2018-04-18T06:31:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.9.1.i586",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.i586",
"product_id": "libopenssl-devel-0.9.8j-0.106.9.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.9.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.9.1.i586",
"product": {
"name": "openssl-0.9.8j-0.106.9.1.i586",
"product_id": "openssl-0.9.8j-0.106.9.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.9.1.i586",
"product": {
"name": "openssl-doc-0.9.8j-0.106.9.1.i586",
"product_id": "openssl-doc-0.9.8j-0.106.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.9.1.ia64",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.ia64",
"product_id": "libopenssl-devel-0.9.8j-0.106.9.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.9.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"product": {
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"product_id": "libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.9.1.ia64",
"product": {
"name": "openssl-0.9.8j-0.106.9.1.ia64",
"product_id": "openssl-0.9.8j-0.106.9.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.9.1.ia64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.9.1.ia64",
"product_id": "openssl-doc-0.9.8j-0.106.9.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.ppc64",
"product_id": "libopenssl-devel-0.9.8j-0.106.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64",
"product_id": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "openssl-0.9.8j-0.106.9.1.ppc64",
"product_id": "openssl-0.9.8j-0.106.9.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.9.1.ppc64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.9.1.ppc64",
"product_id": "openssl-doc-0.9.8j-0.106.9.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.s390x",
"product_id": "libopenssl-devel-0.9.8j-0.106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x",
"product_id": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "openssl-0.9.8j-0.106.9.1.s390x",
"product_id": "openssl-0.9.8j-0.106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.9.1.s390x",
"product": {
"name": "openssl-doc-0.9.8j-0.106.9.1.s390x",
"product_id": "openssl-doc-0.9.8j-0.106.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.x86_64",
"product_id": "libopenssl-devel-0.9.8j-0.106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64",
"product_id": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "openssl-0.9.8j-0.106.9.1.x86_64",
"product_id": "openssl-0.9.8j-0.106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.9.1.x86_64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.9.1.x86_64",
"product_id": "openssl-doc-0.9.8j-0.106.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.i586"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.9.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.9.1.x86_64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.9.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.9.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.9.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-18T06:31:16Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:2072-1
Vulnerability from csaf_suse - Published: 2018-07-26 14:30 - Updated: 2018-07-26 14:30Summary
Security update for ovmf
Severity
Moderate
Notes
Title of the patch: Security update for ovmf
Description of the patch: This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094289).
Patchnames: SUSE-SLE-Module-Server-Applications-15-2018-1399
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ovmf",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ovmf fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094289).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Server-Applications-15-2018-1399",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2072-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2072-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182072-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2072-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004318.html"
},
{
"category": "self",
"summary": "SUSE Bug 1094289",
"url": "https://bugzilla.suse.com/1094289"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for ovmf",
"tracking": {
"current_release_date": "2018-07-26T14:30:12Z",
"generator": {
"date": "2018-07-26T14:30:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2072-1",
"initial_release_date": "2018-07-26T14:30:12Z",
"revision_history": [
{
"date": "2018-07-26T14:30:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"product": {
"name": "ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"product_id": "ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64"
}
},
{
"category": "product_version",
"name": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"product": {
"name": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"product_id": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"product": {
"name": "qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"product_id": "qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch"
}
},
{
"category": "product_version",
"name": "qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"product": {
"name": "qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"product_id": "qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"product": {
"name": "ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"product_id": "ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"product": {
"name": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"product_id": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64"
},
"product_reference": "ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64"
},
"product_reference": "ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64"
},
"product_reference": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64"
},
"product_reference": "ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch"
},
"product_reference": "qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch"
},
"product_reference": "qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:ovmf-tools-2017+git1510945757.b2662641d5-5.3.6.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3.6.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3.6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-26T14:30:12Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:2158-1
Vulnerability from csaf_suse - Published: 2018-08-01 12:01 - Updated: 2018-08-01 12:01Summary
Security update for ovmf
Severity
Moderate
Notes
Title of the patch: Security update for ovmf
Description of the patch: This update for ovmf provide the following fix:
Security issues fixed:
- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types
recursive definition depth (bsc#1094290, bsc#1094291).
Bug fixes:
- Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the
better compatibility. (bsc#1077330)
Patchnames: SUSE-SLE-SERVER-12-SP3-2018-1470
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ovmf",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ovmf provide the following fix:\n\nSecurity issues fixed:\n\n- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types\n recursive definition depth (bsc#1094290, bsc#1094291).\n\nBug fixes:\n\n- Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the\n better compatibility. (bsc#1077330)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP3-2018-1470",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2158-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2158-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182158-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2158-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004363.html"
},
{
"category": "self",
"summary": "SUSE Bug 1077330",
"url": "https://bugzilla.suse.com/1077330"
},
{
"category": "self",
"summary": "SUSE Bug 1094290",
"url": "https://bugzilla.suse.com/1094290"
},
{
"category": "self",
"summary": "SUSE Bug 1094291",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for ovmf",
"tracking": {
"current_release_date": "2018-08-01T12:01:28Z",
"generator": {
"date": "2018-08-01T12:01:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2158-1",
"initial_release_date": "2018-08-01T12:01:28Z",
"revision_history": [
{
"date": "2018-08-01T12:01:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"product": {
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"product_id": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64"
}
},
{
"category": "product_version",
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"product": {
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"product_id": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"product": {
"name": "qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"product_id": "qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
}
},
{
"category": "product_version",
"name": "qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"product": {
"name": "qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"product_id": "qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"product": {
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"product_id": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64"
}
},
{
"category": "product_version",
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"product": {
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"product_id": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64"
},
"product_reference": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64"
},
"product_reference": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64"
},
"product_reference": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64"
},
"product_reference": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
},
"product_reference": "qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
},
"product_reference": "qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64"
},
"product_reference": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64"
},
"product_reference": "ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64"
},
"product_reference": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64"
},
"product_reference": "ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
},
"product_reference": "qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
},
"product_reference": "qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-01T12:01:28Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:2534-1
Vulnerability from csaf_suse - Published: 2018-08-28 09:05 - Updated: 2018-08-28 09:05Summary
Security update for compat-openssl097g
Severity
Moderate
Notes
Title of the patch: Security update for compat-openssl097g
Description of the patch: This update for compat-openssl097g fixes the following issues:
These security issues were fixed:
- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based
ciphersuite a malicious server could have sent a very large prime value to the
client. This caused the client to spend an unreasonably long period of time
generating a key for this prime resulting in a hang until the client has
finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as
can be found in PKCS7) could eventually exceed the stack given malicious input
with excessive recursion. This could have resulted in DoS (bsc#1087102)
This non-security issue was fixed:
- Fixed crash in DES_fcrypt (bsc#1065363)
Patchnames: slesappsp4-compat-openssl097g-13753
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for compat-openssl097g",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for compat-openssl097g fixes the following issues:\n\nThese security issues were fixed:\n\n- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based\n ciphersuite a malicious server could have sent a very large prime value to the\n client. This caused the client to spend an unreasonably long period of time\n generating a key for this prime resulting in a hang until the client has\n finished. This could be exploited in a Denial Of Service attack (bsc#1097158)\n- CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as\n can be found in PKCS7) could eventually exceed the stack given malicious input\n with excessive recursion. This could have resulted in DoS (bsc#1087102)\n\nThis non-security issue was fixed:\n\n- Fixed crash in DES_fcrypt (bsc#1065363)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slesappsp4-compat-openssl097g-13753",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2534-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2534-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182534-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2534-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182534-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065363",
"url": "https://bugzilla.suse.com/1065363"
},
{
"category": "self",
"summary": "SUSE Bug 1087102",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "self",
"summary": "SUSE Bug 1097158",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0732 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for compat-openssl097g",
"tracking": {
"current_release_date": "2018-08-28T09:05:06Z",
"generator": {
"date": "2018-08-28T09:05:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2534-1",
"initial_release_date": "2018-08-28T09:05:06Z",
"revision_history": [
{
"date": "2018-08-28T09:05:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"product": {
"name": "compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"product_id": "compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64"
}
},
{
"category": "product_version",
"name": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"product": {
"name": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"product_id": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"product": {
"name": "compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"product_id": "compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64",
"product": {
"name": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64",
"product_id": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64"
},
"product_reference": "compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64"
},
"product_reference": "compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64"
},
"product_reference": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
},
"product_reference": "compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0732"
}
],
"notes": [
{
"category": "general",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0732",
"url": "https://www.suse.com/security/cve/CVE-2018-0732"
},
{
"category": "external",
"summary": "SUSE Bug 1077628 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1077628"
},
{
"category": "external",
"summary": "SUSE Bug 1097158 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "external",
"summary": "SUSE Bug 1099502 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1099502"
},
{
"category": "external",
"summary": "SUSE Bug 1106692 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1106692"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1110163 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1110163"
},
{
"category": "external",
"summary": "SUSE Bug 1112097 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1112097"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-28T09:05:06Z",
"details": "important"
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-28T09:05:06Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2018:2683-1
Vulnerability from csaf_suse - Published: 2018-09-10 16:00 - Updated: 2018-09-10 16:00Summary
Security update for compat-openssl098
Severity
Moderate
Notes
Title of the patch: Security update for compat-openssl098
Description of the patch: This update for compat-openssl098 fixes the following security issues:
- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based
ciphersuite a malicious server could have sent a very large prime value to the
client. This caused the client to spend an unreasonably long period of time
generating a key for this prime resulting in a hang until the client has
finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)
- CVE-2018-0737: The RSA Key generation algorithm has been shown to be
vulnerable to a cache timing side channel attack. An attacker with sufficient
access to mount cache timing attacks during the RSA key generation process
could have recovered the private key (bsc#1089039)
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as
can be found in PKCS7) could eventually exceed the stack given malicious input
with excessive recursion. This could have resulted in DoS (bsc#1087102).
Patchnames: SUSE-SLE-DESKTOP-12-SP3-2018-1872,SUSE-SLE-Module-Legacy-12-2018-1872,SUSE-SLE-SAP-12-SP1-2018-1872,SUSE-SLE-SAP-12-SP2-2018-1872,SUSE-SLE-SAP-12-SP3-2018-1872
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for compat-openssl098",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for compat-openssl098 fixes the following security issues:\n\n- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based\n ciphersuite a malicious server could have sent a very large prime value to the\n client. This caused the client to spend an unreasonably long period of time\n generating a key for this prime resulting in a hang until the client has\n finished. This could be exploited in a Denial Of Service attack (bsc#1097158)\n- Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)\n- CVE-2018-0737: The RSA Key generation algorithm has been shown to be\n vulnerable to a cache timing side channel attack. An attacker with sufficient\n access to mount cache timing attacks during the RSA key generation process\n could have recovered the private key (bsc#1089039)\n- CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as\n can be found in PKCS7) could eventually exceed the stack given malicious input\n with excessive recursion. This could have resulted in DoS (bsc#1087102).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-1872,SUSE-SLE-Module-Legacy-12-2018-1872,SUSE-SLE-SAP-12-SP1-2018-1872,SUSE-SLE-SAP-12-SP2-2018-1872,SUSE-SLE-SAP-12-SP3-2018-1872",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2683-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2683-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182683-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2683-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004549.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087102",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "self",
"summary": "SUSE Bug 1089039",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "self",
"summary": "SUSE Bug 1097158",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "self",
"summary": "SUSE Bug 1097624",
"url": "https://bugzilla.suse.com/1097624"
},
{
"category": "self",
"summary": "SUSE Bug 1098592",
"url": "https://bugzilla.suse.com/1098592"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0732 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0737 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
}
],
"title": "Security update for compat-openssl098",
"tracking": {
"current_release_date": "2018-09-10T16:00:03Z",
"generator": {
"date": "2018-09-10T16:00:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2683-1",
"initial_release_date": "2018-09-10T16:00:03Z",
"revision_history": [
{
"date": "2018-09-10T16:00:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"product_id": "libopenssl0_9_8-0.9.8j-106.6.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"product_id": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 12",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0732"
}
],
"notes": [
{
"category": "general",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0732",
"url": "https://www.suse.com/security/cve/CVE-2018-0732"
},
{
"category": "external",
"summary": "SUSE Bug 1077628 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1077628"
},
{
"category": "external",
"summary": "SUSE Bug 1097158 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "external",
"summary": "SUSE Bug 1099502 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1099502"
},
{
"category": "external",
"summary": "SUSE Bug 1106692 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1106692"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1110163 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1110163"
},
{
"category": "external",
"summary": "SUSE Bug 1112097 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1112097"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-10T16:00:03Z",
"details": "important"
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2018-0737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0737"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0737",
"url": "https://www.suse.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "SUSE Bug 1089039 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "external",
"summary": "SUSE Bug 1089041 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089041"
},
{
"category": "external",
"summary": "SUSE Bug 1089044 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089044"
},
{
"category": "external",
"summary": "SUSE Bug 1089045 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089045"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1123780 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1123780"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-10T16:00:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-10T16:00:03Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
}
]
}
SUSE-SU-2020:0495-1
Vulnerability from csaf_suse - Published: 2020-02-26 14:17 - Updated: 2020-02-26 14:17Summary
Security update for ovmf
Severity
Moderate
Notes
Title of the patch: Security update for ovmf
Description of the patch: This update for ovmf fixes the following issues:
Security issues fixed:
- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291).
- CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959).
- CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927).
- CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969).
Bug fixes:
- Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330)
Patchnames: SUSE-2020-495,SUSE-OpenStack-Cloud-7-2020-495,SUSE-SLE-SAP-12-SP2-2020-495,SUSE-SLE-SERVER-12-SP2-2020-495,SUSE-SLE-SERVER-12-SP2-BCL-2020-495
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ovmf",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ovmf fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291).\n- CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959).\n- CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927).\n- CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969).\n\nBug fixes:\n\n- Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-495,SUSE-OpenStack-Cloud-7-2020-495,SUSE-SLE-SAP-12-SP2-2020-495,SUSE-SLE-SERVER-12-SP2-2020-495,SUSE-SLE-SERVER-12-SP2-BCL-2020-495",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0495-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0495-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200495-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0495-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-February/006535.html"
},
{
"category": "self",
"summary": "SUSE Bug 1077330",
"url": "https://bugzilla.suse.com/1077330"
},
{
"category": "self",
"summary": "SUSE Bug 1094291",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "self",
"summary": "SUSE Bug 1163927",
"url": "https://bugzilla.suse.com/1163927"
},
{
"category": "self",
"summary": "SUSE Bug 1163959",
"url": "https://bugzilla.suse.com/1163959"
},
{
"category": "self",
"summary": "SUSE Bug 1163969",
"url": "https://bugzilla.suse.com/1163969"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14563 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14575 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14575/"
}
],
"title": "Security update for ovmf",
"tracking": {
"current_release_date": "2020-02-26T14:17:52Z",
"generator": {
"date": "2020-02-26T14:17:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0495-1",
"initial_release_date": "2020-02-26T14:17:52Z",
"revision_history": [
{
"date": "2020-02-26T14:17:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ovmf-2015+git1462940744.321151f-19.10.3.aarch64",
"product": {
"name": "ovmf-2015+git1462940744.321151f-19.10.3.aarch64",
"product_id": "ovmf-2015+git1462940744.321151f-19.10.3.aarch64"
}
},
{
"category": "product_version",
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.aarch64",
"product": {
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.aarch64",
"product_id": "ovmf-tools-2015+git1462940744.321151f-19.10.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ovmf-2015+git1462940744.321151f-19.10.3.i586",
"product": {
"name": "ovmf-2015+git1462940744.321151f-19.10.3.i586",
"product_id": "ovmf-2015+git1462940744.321151f-19.10.3.i586"
}
},
{
"category": "product_version",
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.i586",
"product": {
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.i586",
"product_id": "ovmf-tools-2015+git1462940744.321151f-19.10.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-ovmf-ia32-2015+git1462940744.321151f-19.10.3.noarch",
"product": {
"name": "qemu-ovmf-ia32-2015+git1462940744.321151f-19.10.3.noarch",
"product_id": "qemu-ovmf-ia32-2015+git1462940744.321151f-19.10.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"product": {
"name": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"product_id": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
}
},
{
"category": "product_version",
"name": "qemu-uefi-aarch64-2015+git1462940744.321151f-19.10.3.noarch",
"product": {
"name": "qemu-uefi-aarch64-2015+git1462940744.321151f-19.10.3.noarch",
"product_id": "qemu-uefi-aarch64-2015+git1462940744.321151f-19.10.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"product": {
"name": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"product_id": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64"
}
},
{
"category": "product_version",
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"product": {
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"product_id": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ovmf-x86_64-debug-2015+git1462940744.321151f-19.10.3.x86_64",
"product": {
"name": "qemu-ovmf-x86_64-debug-2015+git1462940744.321151f-19.10.3.x86_64",
"product_id": "qemu-ovmf-x86_64-debug-2015+git1462940744.321151f-19.10.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
},
"product_reference": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
},
"product_reference": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
},
"product_reference": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64"
},
"product_reference": "ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
},
"product_reference": "qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-26T14:17:52Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
},
{
"cve": "CVE-2019-14559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14559"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14559",
"url": "https://www.suse.com/security/cve/CVE-2019-14559"
},
{
"category": "external",
"summary": "SUSE Bug 1163927 for CVE-2019-14559",
"url": "https://bugzilla.suse.com/1163927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-26T14:17:52Z",
"details": "moderate"
}
],
"title": "CVE-2019-14559"
},
{
"cve": "CVE-2019-14563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14563"
}
],
"notes": [
{
"category": "general",
"text": "Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14563",
"url": "https://www.suse.com/security/cve/CVE-2019-14563"
},
{
"category": "external",
"summary": "SUSE Bug 1163959 for CVE-2019-14563",
"url": "https://bugzilla.suse.com/1163959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-26T14:17:52Z",
"details": "moderate"
}
],
"title": "CVE-2019-14563"
},
{
"cve": "CVE-2019-14575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14575"
}
],
"notes": [
{
"category": "general",
"text": "Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14575",
"url": "https://www.suse.com/security/cve/CVE-2019-14575"
},
{
"category": "external",
"summary": "SUSE Bug 1163969 for CVE-2019-14575",
"url": "https://bugzilla.suse.com/1163969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch",
"SUSE OpenStack Cloud 7:ovmf-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:ovmf-tools-2015+git1462940744.321151f-19.10.3.x86_64",
"SUSE OpenStack Cloud 7:qemu-ovmf-x86_64-2015+git1462940744.321151f-19.10.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-26T14:17:52Z",
"details": "important"
}
],
"title": "CVE-2019-14575"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…