Action not permitted
Modal body text goes here.
cve-2010-4180
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:34:37.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "1024822", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024822" }, { "name": "42473", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42473" }, { "name": "42571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42571" }, { "name": "43170", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43170" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "ADV-2011-0268", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "42493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42493" }, { "name": "43173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43173" }, { "name": "FEDORA-2010-18765", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "43171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43171" }, { "name": "42620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42620" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "USN-1029-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "FEDORA-2010-18736", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "43169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43169" }, { "name": "43172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43172" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "45164", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45164" }, { "name": "69565", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/69565" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42469" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42877" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "RHSA-2010:0977", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "ADV-2010-3134", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "ADV-2010-3188", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "oval:org.mitre.oval:def:18910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "RHSA-2010:0978", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44269" }, { "name": "RHSA-2011:0896", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "MDVSA-2010:248", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "RHSA-2010:0979", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42811" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "1024822", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024822" }, { "name": "42473", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42473" }, { "name": "42571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42571" }, { "name": "43170", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43170" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "ADV-2011-0268", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "42493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42493" }, { "name": "43173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43173" }, { "name": "FEDORA-2010-18765", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "43171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43171" }, { "name": "42620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42620" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "USN-1029-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "FEDORA-2010-18736", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "43169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43169" }, { "name": "43172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43172" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "45164", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45164" }, { "name": "69565", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/69565" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42469" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42877" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "RHSA-2010:0977", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "ADV-2010-3134", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "ADV-2010-3188", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "oval:org.mitre.oval:def:18910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "RHSA-2010:0978", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44269" }, { "name": "RHSA-2011:0896", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "MDVSA-2010:248", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "RHSA-2010:0979", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42811" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4180", "datePublished": "2010-12-06T21:00:00", "dateReserved": "2010-11-04T00:00:00", "dateUpdated": "2024-08-07T03:34:37.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2010-4180\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-12-06T21:05:48.687\",\"lastModified\":\"2022-08-04T19:59:42.243\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.\"},{\"lang\":\"es\",\"value\":\"OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG est\u00e1 habilitado, no previene adecuadamente la modificaci\u00f3n del conjunto de cifrado en la cach\u00e9 de sesi\u00f3n, lo que permite a atacantes remotos forzar la degradaci\u00f3n para un cifrado no destinado a trav\u00e9s de vectores que involucran rastreo de tr\u00e1fico de red para descubrir un identificador de sesi\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.9.8q\",\"matchCriteriaId\":\"0447353B-C86F-466E-91DD-39D56D850E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.0.0c\",\"matchCriteriaId\":\"FA2FAFBB-00A0-4546-8B36-6028D6706FD7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D59BD0-43DE-4E58-A057-640AB98359A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE52846-24EC-4068-B788-EC7F915FFF11\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"7EBFE35C-E243-43D1-883D-4398D71763CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D026D0-EF78-438D-BEDD-FC8571F3ACEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"01EDA41C-6B2E-49AF-B503-EB3882265C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87614B58-24AB-49FB-9C84-E8DDBA16353B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5646FDE9-CF21-46A9-B89D-F5BBDB4249AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE554781-1EB9-446E-911F-6C11970C47F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4500161F-13A0-4369-B93A-778B34E7F005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E496249-23A8-42FC-A109-634A54B5600F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*\",\"matchCriteriaId\":\"4339DE06-19FB-4B8E-B6AE-3495F605AD05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"60FBDD82-691C-4D9D-B71B-F9AFF6931B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD2D897-E321-4CED-92E0-11A98B52053C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*\",\"matchCriteriaId\":\"79A35457-EAA3-4BF9-A4DA-B2E414A75A02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*\",\"matchCriteriaId\":\"D1D7B467-58DD-45F1-9F1F-632620DF072A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.9.2\",\"matchCriteriaId\":\"3E532D95-4A9F-47B1-979B-C116F7C7A73F\"}]}]}],\"references\":[{\"url\":\"http://cvs.openssl.org/chngview?cn=20131\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Patch\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://openssl.org/news/secadv_20101202.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/69565\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/42469\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42473\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42493\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42571\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42620\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42811\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42877\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/43169\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/43170\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/43171\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/43172\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/43173\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/44269\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://ubuntu.com/usn/usn-1029-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2141\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/737740\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:248\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0977.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0978.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0979.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0896.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/522176\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/45164\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1024822\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3120\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3122\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3134\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3188\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0032\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0076\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0268\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=659462\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2010-4180
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2010-4180", "description": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "id": "GSD-2010-4180", "references": [ "https://www.suse.com/security/cve/CVE-2010-4180.html", "https://www.debian.org/security/2011/dsa-2141", "https://access.redhat.com/errata/RHSA-2011:0896", "https://access.redhat.com/errata/RHSA-2010:0979", "https://access.redhat.com/errata/RHSA-2010:0978", "https://access.redhat.com/errata/RHSA-2010:0977", "https://linux.oracle.com/cve/CVE-2010-4180.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2010-4180" ], "details": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "id": "GSD-2010-4180", "modified": "2023-12-13T01:21:30.659526Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4180", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "http://www.redhat.com/support/errata/RHSA-2011-0896.html", "refsource": "MISC", "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html", "refsource": "MISC", "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "http://support.apple.com/kb/HT4723", "refsource": "MISC", "url": "http://support.apple.com/kb/HT4723" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777", "refsource": "MISC", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "http://secunia.com/advisories/44269", "refsource": "MISC", "url": "http://secunia.com/advisories/44269" }, { "name": "http://www.kb.cert.org/vuls/id/737740", "refsource": "MISC", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "http://openssl.org/news/secadv_20101202.txt", "refsource": "MISC", "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "http://secunia.com/advisories/42469", "refsource": "MISC", "url": "http://secunia.com/advisories/42469" }, { "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471", "refsource": "MISC", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "http://www.vupen.com/english/advisories/2010/3120", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "http://www.vupen.com/english/advisories/2010/3122", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "http://secunia.com/advisories/42877", "refsource": "MISC", "url": "http://secunia.com/advisories/42877" }, { "name": "http://www.vupen.com/english/advisories/2011/0076", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "name": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "http://secunia.com/advisories/42811", "refsource": "MISC", "url": "http://secunia.com/advisories/42811" }, { "name": "http://www.debian.org/security/2011/dsa-2141", "refsource": "MISC", "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "http://www.securityfocus.com/archive/1/522176", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "http://www.vupen.com/english/advisories/2011/0032", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "http://cvs.openssl.org/chngview?cn=20131", "refsource": "MISC", "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "http://osvdb.org/69565", "refsource": "MISC", "url": "http://osvdb.org/69565" }, { "name": "http://secunia.com/advisories/42473", "refsource": "MISC", "url": "http://secunia.com/advisories/42473" }, { "name": "http://secunia.com/advisories/42493", "refsource": "MISC", "url": "http://secunia.com/advisories/42493" }, { "name": "http://secunia.com/advisories/42571", "refsource": "MISC", "url": "http://secunia.com/advisories/42571" }, { "name": "http://secunia.com/advisories/42620", "refsource": "MISC", "url": "http://secunia.com/advisories/42620" }, { "name": "http://secunia.com/advisories/43169", "refsource": "MISC", "url": "http://secunia.com/advisories/43169" }, { "name": "http://secunia.com/advisories/43170", "refsource": "MISC", "url": "http://secunia.com/advisories/43170" }, { "name": "http://secunia.com/advisories/43171", "refsource": "MISC", "url": "http://secunia.com/advisories/43171" }, { "name": "http://secunia.com/advisories/43172", "refsource": "MISC", "url": "http://secunia.com/advisories/43172" }, { "name": "http://secunia.com/advisories/43173", "refsource": "MISC", "url": "http://secunia.com/advisories/43173" }, { "name": "http://ubuntu.com/usn/usn-1029-1", "refsource": "MISC", "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248", "refsource": "MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "http://www.redhat.com/support/errata/RHSA-2010-0977.html", "refsource": "MISC", "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "http://www.redhat.com/support/errata/RHSA-2010-0978.html", "refsource": "MISC", "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "http://www.redhat.com/support/errata/RHSA-2010-0979.html", "refsource": "MISC", "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "name": "http://www.securityfocus.com/bid/45164", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/45164" }, { "name": "http://www.securitytracker.com/id?1024822", "refsource": "MISC", "url": "http://www.securitytracker.com/id?1024822" }, { "name": "http://www.vupen.com/english/advisories/2010/3134", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "http://www.vupen.com/english/advisories/2010/3188", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "http://www.vupen.com/english/advisories/2011/0268", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST", "refsource": "MISC", "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=659462", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0c", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8q", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.2", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4180" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "http://cvs.openssl.org/chngview?cn=20131", "refsource": "CONFIRM", "tags": [ "Broken Link", "Patch" ], "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=659462", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "name": "http://openssl.org/news/secadv_20101202.txt", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "ADV-2010-3120", "refsource": "VUPEN", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "ADV-2010-3122", "refsource": "VUPEN", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "USN-1029-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "42473", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42473" }, { "name": "SSA:2010-340-01", "refsource": "SLACKWARE", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "ADV-2010-3134", "refsource": "VUPEN", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "69565", "refsource": "OSVDB", "tags": [ "Broken Link" ], "url": "http://osvdb.org/69565" }, { "name": "1024822", "refsource": "SECTRACK", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024822" }, { "name": "42493", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42493" }, { "name": "MDVSA-2010:248", "refsource": "MANDRIVA", "tags": [ "Permissions Required" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "45164", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/45164" }, { "name": "42469", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42469" }, { "name": "ADV-2010-3188", "refsource": "VUPEN", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "FEDORA-2010-18765", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "RHSA-2010:0979", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "name": "42620", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42620" }, { "name": "42571", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42571" }, { "name": "FEDORA-2010-18736", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "DSA-2141", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "42811", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42811" }, { "name": "ADV-2011-0032", "refsource": "VUPEN", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "SUSE-SR:2011:001", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "RHSA-2010:0977", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "RHSA-2010:0978", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "42877", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42877" }, { "name": "ADV-2011-0076", "refsource": "VUPEN", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "name": "ADV-2011-0268", "refsource": "VUPEN", "tags": [ "Permissions Required" ], "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "43171", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/43171" }, { "name": "43172", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/43172" }, { "name": "43169", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/43169" }, { "name": "43173", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/43173" }, { "name": "43170", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/43170" }, { "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST", "refsource": "CONFIRM", "tags": [ "Broken Link" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "44269", "refsource": "SECUNIA", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/44269" }, { "name": "http://support.apple.com/kb/HT4723", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "APPLE-SA-2011-06-23-1", "refsource": "APPLE", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "RHSA-2011:0896", "refsource": "REDHAT", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "openSUSE-SU-2011:0845", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "SUSE-SU-2011:0847", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "HPSBHF02706", "refsource": "HP", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "SSRT100817", "refsource": "HP", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "HPSBMA02658", "refsource": "HP", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "VU#737740", "refsource": "CERT-VN", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "SUSE-SR:2011:009", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "HPSBUX02638", "refsource": "HP", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "SSRT100475", "refsource": "HP", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "oval:org.mitre.oval:def:18910", "refsource": "OVAL", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2022-08-04T19:59Z", "publishedDate": "2010-12-06T21:05Z" } } }
var-201012-0193
Vulnerability from variot
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. Releases prior to OpenSSL 1.0.0c are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824483 Version: 1
HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05 Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.
References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2011-0013 Synopsis: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-10-27 Updated on: 2011-10-27 (initial release of advisory) CVE numbers: --- openssl --- CVE-2008-7270 CVE-2010-4180 --- libuser --- CVE-2011-0002 --- nss, nspr --- CVE-2010-3170 CVE-2010-3173 --- Oracle (Sun) JRE 1.6.0 --- CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476 --- Oracle (Sun) JRE 1.5.0 --- CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865 --- SFCB --- CVE-2010-2054
- Summary
Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.
- Relevant releases
vCenter Server 4.1 without Update 2
vCenter Update Manager 4.1 without Update 2
ESXi 4.1 without patch ESX410-201110201-SG.
ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG.
- Problem Description
a. ESX third party update for Service Console openssl RPM
The Service Console openssl RPM is updated to
openssl-0.9.8e.12.el5_5.7 resolving two security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any any not affected
ESX 4.1 ESX ESX410-201110204-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console libuser RPM
The Service Console libuser RPM is updated to version
0.54.7-2.1.el5_5.2 to resolve a security issue.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2011-0002 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110206-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESX third party update for Service Console nss and nspr RPMs
The Service Console Network Security Services (NSS) and Netscape
Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1
and nss-3.12.8-4 resolving multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3170 and CVE-2010-3173 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110214-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24
Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
CVE-2010-4475 and CVE-2010-4476.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,
CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,
CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,
CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,
CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,
CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and
CVE-2010-3574.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 5.0 Windows not affected
vCenter 4.1 Windows Update 2
vCenter 4.0 Windows not applicable **
VirtualCenter 2.5 Windows not applicable **
Update Manager 5.0 Windows not affected
Update Manager 4.1 Windows not applicable **
Update Manager 4.0 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family
e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30
Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,
CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,
CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,
CVE-2010-4475, CVE-2010-4476.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 5.0 Windows not applicable **
vCenter 4.1 Windows not applicable **
vCenter 4.0 Windows patch pending
VirtualCenter 2.5 Windows patch pending
Update Manager 5.0 Windows not applicable **
Update Manager 4.1 Windows Update 2
Update Manager 4.0 Windows patch pending
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable **
ESX 4.0 ESX patch pending
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX affected, no patch planned
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family
f. Integer overflow in VMware third party component sfcb
This release resolves an integer overflow issue present in the
third party library SFCB when the httpMaxContentLength has been
changed from its default value to 0 in in /etc/sfcb/sfcb.cfg.
The integer overflow could allow remote attackers to cause a
denial of service (heap memory corruption) or possibly execute
arbitrary code via a large integer in the Content-Length HTTP
header.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2054 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi 5.0 ESXi not affected
ESXi 4.1 ESXi ESXi410-201110201-SG
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
-
hosted products are VMware Workstation, Player, ACE, Fusion.
-
Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Server 4.1
vCenter Server 4.1 Update 2 The download for vCenter Server includes VMware Update Manager.
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html https://www.vmware.com/support/pubs/vum_pubs.html
File: VMware-VIMSetup-all-4.1.0-493063.iso md5sum: d132326846a85bfc9ebbc53defeee6e1 sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541
File: VMware-VIMSetup-all-4.1.0-493063.zip md5sum: 7fd7b09e501bd8fde52649b395491222 sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESXi 4.1
VMware ESXi 4.1 Update 2
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html
File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso md5sum: 0aa78790a336c5fc6ba3d9807c98bfea sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce
File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip md5sum: 459d9142a885854ef0fa6edd8d6a5677 sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33
File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip md5sum: 3047fac78a4aaa05cf9528d62fad9d73 sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f
File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.
VMware ESX 4.1
VMware ESX 4.1 Update 2 Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
File: ESX-4.1.0-update02-502767.iso md5sum: 9a2b524446cbd756f0f1c7d8d88077f8 sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c
File: pre-upgrade-from-esx4.0-to-4.1-502767.zip md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4
File: upgrade-from-esx4.0-to-4.1-update02-502767.zip md5sum: 4b60f36ee89db8cb7e1243aa02cdb549 sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f
File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESX 4.1 Update 2 contains ESX410-201110204-SG, ESX410-201110206-SG, ESX410-201110201-SG and ESX410-201110214-SG.
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873
- Change log
2011-10-27 VMSA-2011-0013 Initial security advisory in conjunction with the release of Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l lJkAmweROyq5t0iWwM0EN2iP9ly6trbc =Dm8O -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01
Synopsis
Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0e >= 1.0.0e
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.
References
[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2141-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq
Package : openssl Vulnerability : SSL/TLS insecure renegotiation protocol design flaw Problem type : remote Debian-specific: no CVE ID : CVE-2009-3555 CVE-2010-4180 Debian Bug : 555829
CVE-2009-3555:
Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue.
If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation.
This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.
Currently we are not aware of other software with similar compatibility problems.
CVE-2010-4180:
In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.
For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny11.
For the unstable distribution (sid), and the testing distribution (squeeze), this problem has been fixed in version 0.9.8o-4.
We recommend that you upgrade your openssl package. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections.
The OpenSSL security team would like to thank Martin Rex for reporting this issue.
This vulnerability is tracked as CVE-2010-4180
OpenSSL JPAKE validation error
Sebastian Martini found an error in OpenSSL's J-PAKE implementation which could lead to successful validation by someone with no knowledge of the shared secret. This error is fixed in 1.0.0c. Details of the problem can be found here:
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
Note that the OpenSSL Team still consider our implementation of J-PAKE to be experimental and is not compiled by default.
Any OpenSSL based SSL/TLS server is vulnerable if it uses OpenSSL's internal caching mechanisms and the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this by using the SSL_OP_ALL option).
All users of OpenSSL's experimental J-PAKE implementation are vulnerable to the J-PAKE validation error.
Alternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG and/or SSL_OP_ALL flags.
Users of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release which contains a patch to correct this issue and also contains a corrected version of the CVE-2010-3864 vulnerability fix.
If upgrading is not immediately possible, the relevant source code patch provided in this advisory should be applied.
Any user of OpenSSL's J-PAKE implementaion (which is not compiled in by default) should upgrade to OpenSSL 1.0.0c.
Patch
Index: ssl/s3_clnt.c
RCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v retrieving revision 1.129.2.16 diff -u -r1.129.2.16 s3_clnt.c --- ssl/s3_clnt.c 10 Oct 2010 12:33:10 -0000 1.129.2.16 +++ ssl/s3_clnt.c 24 Nov 2010 14:32:37 -0000 @@ -866,8 +866,11 @@ s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { +/ Workaround is now obsolete / +#if 0 if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) +#endif { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); Index: ssl/s3_srvr.c =================================================================== RCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v retrieving revision 1.171.2.22 diff -u -r1.171.2.22 s3_srvr.c --- ssl/s3_srvr.c 14 Nov 2010 13:50:29 -0000 1.171.2.22 +++ ssl/s3_srvr.c 24 Nov 2010 14:34:28 -0000 @@ -985,6 +985,10 @@ break; } } +/ Disabled because it can be used in a ciphersuite downgrade + * attack: CVE-2010-4180. + / +#if 0 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { / Special case as client bug workaround: the previously used cipher may @@ -999,6 +1003,7 @@ j = 1; } } +#endif if (j == 0) { / we need to have the cipher in the cipher
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20101202.txt
URL for updated CVS-2010-3864 Security Advisory: http://www.openssl.org/news/secadv_20101116-2.txt
. HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier.
The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport
HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent.
HP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.20 or subsequent
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0193", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "lt", "trust": 1.8, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "lt", "trust": 1.8, "vendor": "openssl", "version": "1.0.0c" }, { "model": "linux", "scope": "eq", "trust": 1.3, "vendor": "debian", "version": "5.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.3, "vendor": "suse", "version": "9" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "linux enterprise", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.9.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "9.04" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "13" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.1" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "14" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "8.04" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.06" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "cacheflow", "scope": "lt", "trust": 0.8, "vendor": "blue coat", "version": "2.1.4.7" }, { "model": "director", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "packetshaper", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "policycenter", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "proxyav", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "reporter", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "proxyone", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "blue coat", "version": "6.1.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.3.3" }, { "model": "linux enterprise sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.4.3" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "integrated lights out", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "21.16" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.4" }, { "model": "hat jboss enterprise web server for rhel as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "41.0" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "hat jboss enterprise web server for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "61.0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.0.6" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "syslog-ng premium edition 3.2.1a", "scope": null, "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "project openssl b-36.8", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2.6.1" }, { "model": "hat enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.6" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "coat systems cacheflow", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "2.1.47" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "coat systems policy center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.6" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.2" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.4.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.2.5" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "integrated lights out", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "32.05" }, { "model": "edirectory sp6 patch", "scope": "ne", "trust": 0.3, "vendor": "novell", "version": "8.83" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "project openssl 1.0.0c", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "hat jboss enterprise web server for rhel", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "61.0.2" }, { "model": "hat enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "edirectory sp1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.4.8" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.4.2" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edirectory sp3", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "coat systems proxyone", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "hat enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.32" }, { "model": "intuity audix lx sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5300-06" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.31" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "edirectory sp4", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5200-10" }, { "model": "syslog-ng premium edition 3.2.1b", "scope": "ne", "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "coat systems packetshaper", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "8.7.1" }, { "model": "hat jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "51.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux enterprise sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.6" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "syslog-ng premium edition 3.0.7a", "scope": "ne", "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "hat jboss enterprise web server for solaris", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "1.0.2" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "coat systems policy center", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "8.7.1" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.6.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "hat jboss enterprise web server for rhel es", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "41.0.2" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "hat jboss enterprise web server for windows", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "1.0.2" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "coat systems director", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.2.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "hat enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "syslog-ng premium edition 4.0.1a", "scope": "ne", "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.8.7" }, { "model": "coat systems policy center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.7" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "hat jboss enterprise web server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5.0" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.2.4" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "edirectory sp2", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.4.2.3" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "4.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "hat jboss enterprise web server for rhel as", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "41.0.2" }, { "model": "coat systems packetshaper", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.2" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux enterprise teradata sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.0.7" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "hat enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat jboss enterprise web server for rhel server", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "51.0.2" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hat jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "1.0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "coat systems proxysg", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "6.1.21" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.0.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2.6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "hat jboss enterprise web server for rhel es", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "41.0" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "hat enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "11.0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "intuity audix lx sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "coat systems cacheflow", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.1.46" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.10" }, { "model": "edirectory sp5 patch", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.84" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "edirectory sp4 ftf1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "edirectory sp5 ftf1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "hat jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "1.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "edirectory sp3 ftf3", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.21" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "coat systems packetshaper", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.4" }, { "model": "jboss enterprise web server el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "edirectory sp5", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0c", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8q", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-4180" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Martin Rex", "sources": [ { "db": "BID", "id": "45164" } ], "trust": 0.3 }, "cve": "CVE-2010-4180", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2010-4180", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-4180", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2010-4180", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. \nSuccessfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. \nReleases prior to OpenSSL 1.0.0c are affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824483\nVersion: 1\n\nHPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. \n\nReferences: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS v 1.4 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nHP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2011-0013\nSynopsis: VMware third party component updates for VMware vCenter\n Server, vCenter Update Manager, ESXi and ESX\nIssue date: 2011-10-27\nUpdated on: 2011-10-27 (initial release of advisory)\nCVE numbers: --- openssl ---\n CVE-2008-7270 CVE-2010-4180\n --- libuser ---\n CVE-2011-0002\n --- nss, nspr ---\n CVE-2010-3170 CVE-2010-3173\n --- Oracle (Sun) JRE 1.6.0 ---\n CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549\n CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553\n CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557\n CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561\n CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566\n CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570\n CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574\n CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450\n CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462\n CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467\n CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471\n CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475\n CVE-2010-4476\n --- Oracle (Sun) JRE 1.5.0 ---\n CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454\n CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468\n CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476\n CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864\n CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867\n CVE-2011-0865\n --- SFCB ---\n CVE-2010-2054\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues. \n\n2. Relevant releases\n\n vCenter Server 4.1 without Update 2\n\n vCenter Update Manager 4.1 without Update 2\n\n ESXi 4.1 without patch ESX410-201110201-SG. \n\n ESX 4.1 without patches ESX410-201110201-SG,\n ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG. \n\n3. Problem Description\n\n a. ESX third party update for Service Console openssl RPM\n\n The Service Console openssl RPM is updated to\n openssl-0.9.8e.12.el5_5.7 resolving two security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-7270 and CVE-2010-4180 to these\n issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any any not affected\n\n ESX 4.1 ESX ESX410-201110204-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. ESX third party update for Service Console libuser RPM\n\n The Service Console libuser RPM is updated to version\n 0.54.7-2.1.el5_5.2 to resolve a security issue. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2011-0002 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110206-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. ESX third party update for Service Console nss and nspr RPMs\n\n The Service Console Network Security Services (NSS) and Netscape\n Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1\n and nss-3.12.8-4 resolving multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3170 and CVE-2010-3173 to these\n issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110214-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24\n\n Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\n CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,\n CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,\n CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,\n CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,\n CVE-2010-4475 and CVE-2010-4476. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,\n CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,\n CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,\n CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,\n CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\n CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,\n CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and\n CVE-2010-3574. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 5.0 Windows not affected\n vCenter 4.1 Windows Update 2\n vCenter 4.0 Windows not applicable **\n VirtualCenter 2.5 Windows not applicable **\n\n Update Manager 5.0 Windows not affected\n Update Manager 4.1 Windows not applicable **\n Update Manager 4.0 Windows not applicable **\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110201-SG\n ESX 4.0 ESX not applicable **\n ESX 3.5 ESX not applicable **\n ESX 3.0.3 ESX not applicable **\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\n e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30\n\n Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,\n CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,\n CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,\n CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,\n CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,\n CVE-2010-4475, CVE-2010-4476. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 5.0 Windows not applicable **\n vCenter 4.1 Windows not applicable **\n vCenter 4.0 Windows patch pending\n VirtualCenter 2.5 Windows patch pending\n\n Update Manager 5.0 Windows not applicable **\n Update Manager 4.1 Windows Update 2\n Update Manager 4.0 Windows patch pending\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX not applicable **\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX patch pending\n ESX 3.0.3 ESX affected, no patch planned\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n f. Integer overflow in VMware third party component sfcb\n\n This release resolves an integer overflow issue present in the\n third party library SFCB when the httpMaxContentLength has been\n changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. \n The integer overflow could allow remote attackers to cause a\n denial of service (heap memory corruption) or possibly execute\n arbitrary code via a large integer in the Content-Length HTTP\n header. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-2054 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi 5.0 ESXi not affected\n ESXi 4.1 ESXi ESXi410-201110201-SG\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.1 ESX ESX410-201110201-SG\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n4. Solution\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n\n VMware vCenter Server 4.1\n ----------------------------------------------\n vCenter Server 4.1 Update 2\n The download for vCenter Server includes VMware Update Manager. \n\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n https://www.vmware.com/support/pubs/vum_pubs.html\n\n File: VMware-VIMSetup-all-4.1.0-493063.iso\n md5sum: d132326846a85bfc9ebbc53defeee6e1\n sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541\n\n File: VMware-VIMSetup-all-4.1.0-493063.zip\n md5sum: 7fd7b09e501bd8fde52649b395491222\n sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESXi 4.1\n ---------------\n VMware ESXi 4.1 Update 2\n\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttps://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html\n\n File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso\n md5sum: 0aa78790a336c5fc6ba3d9807c98bfea\n sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce\n\n File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip\n md5sum: 459d9142a885854ef0fa6edd8d6a5677\n sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33\n\n File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip\n md5sum: 3047fac78a4aaa05cf9528d62fad9d73\n sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f\n\n File: VMware-tools-linux-8.3.12-493255.iso\n md5sum: 63028f2bf605d26798ac24525a0e6208\n sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG. \n\n VMware ESX 4.1\n --------------\n VMware ESX 4.1 Update 2\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n File: ESX-4.1.0-update02-502767.iso\n md5sum: 9a2b524446cbd756f0f1c7d8d88077f8\n sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c\n\n File: pre-upgrade-from-esx4.0-to-4.1-502767.zip\n md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf\n sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4\n\n File: upgrade-from-esx4.0-to-4.1-update02-502767.zip\n md5sum: 4b60f36ee89db8cb7e1243aa02cdb549\n sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f\n\n File: VMware-tools-linux-8.3.12-493255.iso\n md5sum: 63028f2bf605d26798ac24525a0e6208\n sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESX 4.1 Update 2 contains ESX410-201110204-SG,\n ESX410-201110206-SG, ESX410-201110201-SG and\n ESX410-201110214-SG. \n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873\n\n- ------------------------------------------------------------------------\n6. Change log\n\n 2011-10-27 VMSA-2011-0013\n Initial security advisory in conjunction with the release of\n Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1,\n vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware security response policy\n http://www.vmware.com/support/policies/security_response.html\n\n General support life cycle policy\n http://www.vmware.com/support/policies/eos.html\n\n VMware Infrastructure support life cycle policy\n http://www.vmware.com/support/policies/eos_vi.html\n\n Copyright 2011 VMware Inc. All rights reserved. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l\nlJkAmweROyq5t0iWwM0EN2iP9ly6trbc\n=Dm8O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: October 09, 2011\n Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n #354139, #382069\n ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0e \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3245\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[ 2 ] CVE-2009-4355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[ 3 ] CVE-2010-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[ 4 ] CVE-2010-0740\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[ 5 ] CVE-2010-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[ 6 ] CVE-2010-1633\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[ 7 ] CVE-2010-2939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[ 8 ] CVE-2010-3864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[ 9 ] CVE-2010-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : SSL/TLS insecure renegotiation protocol design flaw\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555 CVE-2010-4180\nDebian Bug : 555829\n\nCVE-2009-3555:\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man in the middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user\u0027s session. This update\nadds backported support for the new RFC5746 renegotiation extension\nwhich fixes this issue. \n\nIf openssl is used in a server application, it will by default no\nlonger accept renegotiation from clients that do not support the\nRFC5746 secure renegotiation extension. A separate advisory will add\nRFC5746 support for nss, the security library used by the iceweasel\nweb browser. For apache2, there will be an update which allows to\nre-enable insecure renegotiation. \n\nThis version of openssl is not compatible with older versions of tor. \nYou have to use at least tor version 0.2.1.26-1~lenny+1, which has\nbeen included in the point release 5.0.7 of Debian stable. \n\nCurrently we are not aware of other software with similar compatibility\nproblems. \n\n\nCVE-2010-4180:\n \nIn addition, this update fixes a flaw that allowed a client to bypass\nrestrictions configured in the server for the used cipher suite. \n\n\nFor the stable distribution (lenny), this problem has been fixed\nin version 0.9.8g-15+lenny11. \n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 0.9.8o-4. \n\nWe recommend that you upgrade your openssl package. In some cases the ciphersuite can be downgraded to a weaker one\non subsequent connections. \n\nThe OpenSSL security team would like to thank Martin Rex for reporting this\nissue. \n\nThis vulnerability is tracked as CVE-2010-4180\n\nOpenSSL JPAKE validation error\n===============================\n\nSebastian Martini found an error in OpenSSL\u0027s J-PAKE implementation\nwhich could lead to successful validation by someone with no knowledge\nof the shared secret. This error is fixed in 1.0.0c. Details of the\nproblem can be found here:\n\nhttp://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf\n\nNote that the OpenSSL Team still consider our implementation of J-PAKE\nto be experimental and is not compiled by default. \n\nAny OpenSSL based SSL/TLS server is vulnerable if it uses\nOpenSSL\u0027s internal caching mechanisms and the\nSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this\nby using the SSL_OP_ALL option). \n\nAll users of OpenSSL\u0027s experimental J-PAKE implementation are vulnerable\nto the J-PAKE validation error. \n\nAlternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\nand/or SSL_OP_ALL flags. \n\nUsers of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release\nwhich contains a patch to correct this issue and also contains a corrected\nversion of the CVE-2010-3864 vulnerability fix. \n\nIf upgrading is not immediately possible, the relevant source code patch\nprovided in this advisory should be applied. \n\nAny user of OpenSSL\u0027s J-PAKE implementaion (which is not compiled in by \ndefault) should upgrade to OpenSSL 1.0.0c. \n\nPatch\n=====\n\nIndex: ssl/s3_clnt.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v\nretrieving revision 1.129.2.16\ndiff -u -r1.129.2.16 s3_clnt.c\n--- ssl/s3_clnt.c\t10 Oct 2010 12:33:10 -0000\t1.129.2.16\n+++ ssl/s3_clnt.c\t24 Nov 2010 14:32:37 -0000\n@@ -866,8 +866,11 @@\n \t\ts-\u003esession-\u003ecipher_id = s-\u003esession-\u003ecipher-\u003eid;\n \tif (s-\u003ehit \u0026\u0026 (s-\u003esession-\u003ecipher_id != c-\u003eid))\n \t\t{\n+/* Workaround is now obsolete */\n+#if 0\n \t\tif (!(s-\u003eoptions \u0026\n \t\t\tSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))\n+#endif\n \t\t\t{\n \t\t\tal=SSL_AD_ILLEGAL_PARAMETER;\n \t\t\tSSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);\nIndex: ssl/s3_srvr.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v\nretrieving revision 1.171.2.22\ndiff -u -r1.171.2.22 s3_srvr.c\n--- ssl/s3_srvr.c\t14 Nov 2010 13:50:29 -0000\t1.171.2.22\n+++ ssl/s3_srvr.c\t24 Nov 2010 14:34:28 -0000\n@@ -985,6 +985,10 @@\n \t\t\t\tbreak;\n \t\t\t\t}\n \t\t\t}\n+/* Disabled because it can be used in a ciphersuite downgrade\n+ * attack: CVE-2010-4180. \n+ */\n+#if 0\n \t\tif (j == 0 \u0026\u0026 (s-\u003eoptions \u0026 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) \u0026\u0026 (sk_SSL_CIPHER_num(ciphers) == 1))\n \t\t\t{\n \t\t\t/* Special case as client bug workaround: the previously used cipher may\n@@ -999,6 +1003,7 @@\n \t\t\t\tj = 1;\n \t\t\t\t}\n \t\t\t}\n+#endif\n \t\tif (j == 0)\n \t\t\t{\n \t\t\t/* we need to have the cipher in the cipher\n\n\n\nReferences\n===========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20101202.txt\n\nURL for updated CVS-2010-3864 Security Advisory:\nhttp://www.openssl.org/news/secadv_20101116-2.txt\n\n\n. \nHP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. \nHP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier. \n\nThe latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport\n\nHP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. \n\nHP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.20 or subsequent", "sources": [ { "db": "NVD", "id": "CVE-2010-4180" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "BID", "id": "45164" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4180", "trust": 2.9 }, { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "BID", "id": "45164", "trust": 2.2 }, { "db": "SECUNIA", "id": "42473", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2010-3120", "trust": 1.9 }, { "db": "SECTRACK", "id": "1024822", "trust": 1.9 }, { "db": "OSVDB", "id": "69565", "trust": 1.9 }, { "db": "SECUNIA", "id": "43169", "trust": 1.1 }, { "db": "SECUNIA", "id": "42811", "trust": 1.1 }, { "db": "SECUNIA", "id": "42469", "trust": 1.1 }, { "db": "SECUNIA", "id": "43172", "trust": 1.1 }, { "db": "SECUNIA", "id": "42571", "trust": 1.1 }, { "db": "SECUNIA", "id": "42493", "trust": 1.1 }, { "db": "SECUNIA", "id": "43173", "trust": 1.1 }, { "db": "SECUNIA", "id": "44269", "trust": 1.1 }, { "db": "SECUNIA", "id": "43170", "trust": 1.1 }, { "db": "SECUNIA", "id": "42620", "trust": 1.1 }, { "db": "SECUNIA", "id": "42877", "trust": 1.1 }, { "db": "SECUNIA", "id": "43171", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0076", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3188", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0268", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3122", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0032", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3134", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91284469", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2010-002548", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2010-4180", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116124", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101256", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106330", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "96498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106754", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "id": "VAR-201012-0193", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41666666 }, "last_update_date": "2024-07-23T19:37:04.941000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT4723", "trust": 0.8, "url": "http://support.apple.com/kb/ht4723" }, { "title": "openssl-0.9.8e-12.AXS3.7", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1324" }, { "title": "HPSBUX02638", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c02737002" }, { "title": "2168", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2168" }, { "title": "20131", "trust": 0.8, "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "title": "secadv_20101202", "trust": 0.8, "url": "http://openssl.org/news/secadv_20101202.txt" }, { "title": "RHSA-2010:0977", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0977.html" }, { "title": "RHSA-2010:0978", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0978.html" }, { "title": "RHSA-2010:0979", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0979.html" }, { "title": "SA53", "trust": 0.8, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53" }, { "title": "cve_2010_4180_affects_openssl", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2010_4180_affects_openssl" }, { "title": "Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun" }, { "title": "TLSA-2013-3", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2013/tlsa-2013-3j.html" }, { "title": "VMSA-2011-0013", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/vmsa-2011-0013.html" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1029-1" }, { "title": "Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1c00cc4c6dbe7bb057db61e10ff97d6d" }, { "title": "Symantec Security Advisories: SA53 : OpenSSL Ciphersuite Downgrade Attack (CVE-2010-4180)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=92a9a237511ca120aa4255feb5bdf611" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " }, { "title": "", "trust": 0.1, "url": "https://github.com/khulnasoft-labs/awesome-security " } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "trust": 1.9, "url": "http://secunia.com/advisories/42473" }, { "trust": 1.9, "url": "http://osvdb.org/69565" }, { "trust": 1.9, "url": "http://www.securitytracker.com/id?1024822" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/45164" }, { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "trust": 1.1, "url": "http://openssl.org/news/secadv_20101202.txt" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "trust": 1.1, "url": "http://ubuntu.com/usn/usn-1029-1" }, { "trust": 1.1, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42493" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:248" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42469" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052027.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0979.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42620" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42571" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052315.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2011/dsa-2141" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42811" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0977.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0978.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42877" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43171" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43172" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43169" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43173" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43170" }, { "trust": 1.1, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53\u0026actp=list" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44269" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht4723" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0896.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/522176" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18910" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4180" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu976710" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu91284469/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4180" }, { "trust": 0.6, "url": "http://support.avaya.com/css/p8/documents/100124969" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180" }, { "trust": 0.3, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html" }, { "trust": 0.3, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html" }, { "trust": 0.3, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000108.html" }, { "trust": 0.3, "url": "http://blogs.sun.com/security/entry/cve_2010_4180_affects_openssl" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=3426981" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.openssl.org/news/secadv_20101202.txt\\" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2011-0013.html" }, { "trust": 0.3, "url": "/archive/1/516801" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100124972" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100131810" }, { "trust": 0.3, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266\u0026ac.admitted=1320706848406.876444892.492883150" }, { "trust": 0.3, "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100124969" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1029-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5029" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2496" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3188" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2699" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4609" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3864" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4473" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4474" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0862" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1321" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4451" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2054" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0864" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0802" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3563" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4452" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0873" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0815" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4447" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4467" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0865" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0867" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3558" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0871" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7270" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3570" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0002" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4475" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4454" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4462" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3173" }, { "trust": 0.1, "url": "https://www.vmware.com/support/pubs/vum_pubs.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2054" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0814" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://www.openssl.org/news/secadv_20101202.txt" }, { "trust": 0.1, "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf" }, { "trust": 0.1, "url": "http://www.openssl.org/news/secadv_20101116-2.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "http://www.hp.com/go/bizsupport" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2010-12-06T00:00:00", "db": "VULMON", "id": "CVE-2010-4180" }, { "date": "2010-12-02T00:00:00", "db": "BID", "id": "45164" }, { "date": "2010-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "date": "2012-09-01T00:00:25", "db": "PACKETSTORM", "id": "116124" }, { "date": "2011-05-10T00:44:30", "db": "PACKETSTORM", "id": "101256" }, { "date": "2011-10-28T14:46:28", "db": "PACKETSTORM", "id": "106330" }, { "date": "2011-10-09T16:42:00", "db": "PACKETSTORM", "id": "105638" }, { "date": "2011-01-06T16:22:22", "db": "PACKETSTORM", "id": "97287" }, { "date": "2010-12-03T12:12:12", "db": "PACKETSTORM", "id": "96498" }, { "date": "2011-11-09T00:58:11", "db": "PACKETSTORM", "id": "106754" }, { "date": "2010-12-06T21:05:48.687000", "db": "NVD", "id": "CVE-2010-4180" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2022-08-04T00:00:00", "db": "VULMON", "id": "CVE-2010-4180" }, { "date": "2015-04-13T21:15:00", "db": "BID", "id": "45164" }, { "date": "2012-12-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "date": "2022-08-04T19:59:42.243000", "db": "NVD", "id": "CVE-2010-4180" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "45164" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "45164" } ], "trust": 0.3 } }
rhsa-2010_0977
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.\nA remote attacker could possibly use this flaw to change the ciphersuite\nassociated with a cached session stored on the server, if the server\nenabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly\nforcing the client to use a weaker ciphersuite after resuming the session.\n(CVE-2010-4180, CVE-2008-7270)\n\nNote: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\noption has no effect and this bug workaround can no longer be enabled.\n\nIt was discovered that OpenSSL did not always check the return value of the\nbn_wexpand() function. An attacker able to trigger a memory allocation\nfailure in that function could possibly crash an application using the\nOpenSSL library and its UBSEC hardware engine support. (CVE-2009-3245)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0977", "url": "https://access.redhat.com/errata/RHSA-2010:0977" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "570924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570924" }, { "category": "external", "summary": "659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "external", "summary": "660650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0977.json" } ], "title": "Red Hat Security Advisory: openssl security update", "tracking": { "current_release_date": "2024-11-14T10:50:08+00:00", "generator": { "date": "2024-11-14T10:50:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0977", "initial_release_date": "2010-12-13T18:13:00+00:00", "revision_history": [ { "date": "2010-12-13T18:13:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-12-13T13:14:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:50:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4", "product": { "name": "Red Hat Enterprise Linux AS version 4", "product_id": "4AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::as" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop version 4", "product": { "name": "Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4", "product": { "name": "Red Hat Enterprise Linux ES version 4", "product_id": "4ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4", "product": { "name": "Red Hat Enterprise Linux WS version 4", "product_id": "4WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "product": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "product_id": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.7a-43.17.el4_8.6?arch=ia64" } } }, { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.ia64", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ia64", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=ia64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=ia64" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "product": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "product_id": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.7a-43.17.el4_8.6?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.i686", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i686", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=i686" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "product": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "product_id": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.7a-43.17.el4_8.6?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "product": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "product_id": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.7a-43.17.el4_8.6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "product": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "product_id": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.7a-43.17.el4_8.6?arch=i386" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=i386" } } }, { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.i386", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i386", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=i386" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "product": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "product_id": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.7a-43.17.el4_8.6?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.src", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.src", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "product": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "product_id": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.7a-43.17.el4_8.6?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "product": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "product_id": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.7a-43.17.el4_8.6?arch=ppc" } } }, { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=ppc" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=ppc" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "product": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "product_id": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.7a-43.17.el4_8.6?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "product": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "product_id": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.7a-43.17.el4_8.6?arch=s390x" } } }, { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390x", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390x", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=s390x" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=s390x" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "product": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "product_id": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.7a-43.17.el4_8.6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "product": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "product_id": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.7a-43.17.el4_8.6?arch=s390" } } }, { "category": "product_version", "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390", "product": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390", "product_id": "openssl-0:0.9.7a-43.17.el4_8.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.7a-43.17.el4_8.6?arch=s390" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "product": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "product_id": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.7a-43.17.el4_8.6?arch=s390" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "product": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "product_id": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.7a-43.17.el4_8.6?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.src as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.src", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.src as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.src", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.src as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.src", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.src as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.src", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" }, "product_reference": "openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "relates_to_product_reference": "4WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-7270", "discovery_date": "2010-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "660650" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-7270" }, { "category": "external", "summary": "RHBZ#660650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-7270", "url": "https://www.cve.org/CVERecord?id=CVE-2008-7270" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-7270", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7270" } ], "release_date": "2010-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-13T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0977" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack" }, { "cve": "CVE-2009-3245", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2010-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "570924" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: missing bn_wexpand return value checks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3245" }, { "category": "external", "summary": "RHBZ#570924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570924" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3245", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3245", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3245" } ], "release_date": "2010-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-13T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0977" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: missing bn_wexpand return value checks" }, { "cve": "CVE-2010-4180", "discovery_date": "2010-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "659462" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4180" }, { "category": "external", "summary": "RHBZ#659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4180", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180" } ], "release_date": "2010-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-13T18:13:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0977" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4AS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4AS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.src", "4Desktop:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4Desktop:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.src", "4ES:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4ES:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.src", "4WS:openssl-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.i686", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-debuginfo-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.ppc64", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-devel-0:0.9.7a-43.17.el4_8.6.x86_64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.i386", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ia64", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.ppc", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.s390x", "4WS:openssl-perl-0:0.9.7a-43.17.el4_8.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack" } ] }
rhsa-2011_0896
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat\nCustomer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and\nMicrosoft Windows.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Web Server is a fully-integrated and certified set of\ncomponents for hosting Java web applications.\n\nThis is the first release of JBoss Enterprise Web Server for Red Hat\nEnterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and\nMicrosoft Windows, this release serves as a replacement for JBoss\nEnterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to\nthe Release Notes, linked in the References, for more information.\n\nThis update corrects security flaws in the following components:\n\ntomcat6:\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. If a remote attacker\ncould trick a user who is logged into the Manager application into visiting\na specially-crafted URL, the attacker could perform Manager application\ntasks with the privileges of the logged in user. (CVE-2010-4172)\n\ntomcat5 and tomcat6:\n\nIt was found that web applications could modify the location of the Apache\nTomcat host\u0027s work directory. As web applications deployed on Tomcat have\nread and write access to this directory, a malicious web application could\nuse this flaw to trick Tomcat into giving it read and write access to an\narbitrary directory on the file system. (CVE-2010-3718)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages.\n(CVE-2011-0013)\n\nA possible minor information leak was found in the way Apache Tomcat\ngenerated HTTP BASIC and DIGEST authentication requests. For configurations\nwhere a realm name was not specified and Tomcat was accessed via a proxy,\nthe default generated realm contained the hostname and port used by the\nproxy to send requests to the Tomcat server. (CVE-2010-1157)\n\nhttpd:\n\nA flaw was found in the way the mod_dav module of the Apache HTTP Server\nhandled certain requests. If a remote attacker were to send a carefully\ncrafted request to the server, it could cause the httpd child process to\ncrash. (CVE-2010-1452)\n\nA flaw was discovered in the way the mod_proxy_http module of the Apache\nHTTP Server handled the timeouts of requests forwarded by a reverse proxy\nto the back-end server. In some configurations, the proxy could return\na response intended for another user under certain timeout conditions,\npossibly leading to information disclosure. Note: This issue only affected\nhttpd running on the Windows operating system. (CVE-2010-2068)\n\napr:\n\nIt was found that the apr_fnmatch() function used an unconstrained\nrecursion when processing patterns with the \u0027*\u0027 wildcard. An attacker could\nuse this flaw to cause an application using this function, which also\naccepted untrusted input as a pattern for matching (such as an httpd server\nusing the mod_autoindex module), to exhaust all stack memory or use an\nexcessive amount of CPU time when performing matching. (CVE-2011-0419)\n\napr-util:\n\nIt was found that certain input could cause the apr-util library to\nallocate more memory than intended in the apr_brigade_split_line()\nfunction. An attacker able to provide input in small chunks to an\napplication using the apr-util library (such as httpd) could possibly use\nthis flaw to trigger high memory consumption. (CVE-2010-1623)\n\nThe following flaws were corrected in the packages for Solaris and Windows.\nUpdates for Red Hat Enterprise Linux can be downloaded from the Red Hat\nNetwork.\n\nMultiple flaws in OpenSSL, which could possibly cause a crash, code\nexecution, or a change of session parameters, have been corrected.\n(CVE-2009-3245, CVE-2010-4180, CVE-2008-7270)\n\nTwo denial of service flaws were corrected in Expat. (CVE-2009-3560,\nCVE-2009-3720)\n\nAn X.509 certificate verification flaw was corrected in OpenLDAP.\n(CVE-2009-3767)\n\nMore information about these flaws is available from the CVE links in the\nReferences.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:0896", "url": "https://access.redhat.com/errata/RHSA-2011:0896" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html", "url": "http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=1.0.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=1.0.2" }, { "category": "external", "summary": "530715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530715" }, { "category": "external", "summary": "531697", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531697" }, { "category": "external", "summary": "533174", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533174" }, { "category": "external", "summary": "570924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570924" }, { "category": "external", "summary": "585331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=585331" }, { "category": "external", "summary": "618189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618189" }, { "category": "external", "summary": "632994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632994" }, { "category": "external", "summary": "640281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640281" }, { "category": "external", "summary": "656246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=656246" }, { "category": "external", "summary": "659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "external", "summary": "660650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660650" }, { "category": "external", "summary": "675786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786" }, { "category": "external", "summary": "675792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675792" }, { "category": "external", "summary": "703390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0896.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 update", "tracking": { "current_release_date": "2024-11-14T10:50:04+00:00", "generator": { "date": "2024-11-14T10:50:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2011:0896", "initial_release_date": "2011-06-22T23:14:00+00:00", "revision_history": [ { "date": "2011-06-22T23:14:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-06-22T19:16:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:50:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0", "product": { "name": "Red Hat JBoss Web Server 1.0", "product_id": "Red Hat JBoss Web Server 1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-7270", "discovery_date": "2010-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "660650" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-7270" }, { "category": "external", "summary": "RHBZ#660650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-7270", "url": "https://www.cve.org/CVERecord?id=CVE-2008-7270" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-7270", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7270" } ], "release_date": "2010-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack" }, { "cve": "CVE-2009-3245", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2010-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "570924" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: missing bn_wexpand return value checks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3245" }, { "category": "external", "summary": "RHBZ#570924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570924" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3245", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3245", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3245" } ], "release_date": "2010-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: missing bn_wexpand return value checks" }, { "cve": "CVE-2009-3560", "discovery_date": "2009-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533174" } ], "notes": [ { "category": "description", "text": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3560" }, { "category": "external", "summary": "RHBZ#533174", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533174" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3560", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3560", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3560" } ], "release_date": "2009-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences" }, { "cve": "CVE-2009-3720", "discovery_date": "2009-08-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "531697" } ], "notes": [ { "category": "description", "text": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: buffer over-read and crash on XML with malformed UTF-8 sequences", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3720" }, { "category": "external", "summary": "RHBZ#531697", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531697" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3720", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3720" } ], "release_date": "2009-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: buffer over-read and crash on XML with malformed UTF-8 sequences" }, { "cve": "CVE-2009-3767", "discovery_date": "2009-08-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "530715" } ], "notes": [ { "category": "description", "text": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenLDAP: Doesn\u0027t properly handle NULL character in subject Common Name", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue was addressed in the openldap packages as shipped with Red Hat Enterprise Linux 5 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0198.html and https://rhn.redhat.com/errata/RHSA-2010-0543.html respectively.\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future openldap update may address this flaw in Red Hat Enterprise Linux 3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3767" }, { "category": "external", "summary": "RHBZ#530715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530715" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3767", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3767" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3767", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3767" } ], "release_date": "2009-08-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenLDAP: Doesn\u0027t properly handle NULL character in subject Common Name" }, { "cve": "CVE-2010-1157", "discovery_date": "2010-04-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "585331" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server\u0027s hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: information disclosure in authentication headers", "title": "Vulnerability summary" }, { "category": "other", "text": "The risks associated with fixing this flaw are greater than the low severity security risk. We therefore have no plans to fix this flaw. The information leak can be avoided by adjusting the configuration to always specify a realm-name.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1157" }, { "category": "external", "summary": "RHBZ#585331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=585331" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1157", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1157" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1157", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1157" } ], "release_date": "2010-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: information disclosure in authentication headers" }, { "cve": "CVE-2010-1452", "discovery_date": "2010-07-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "618189" } ], "notes": [ { "category": "description", "text": "The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1452" }, { "category": "external", "summary": "RHBZ#618189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618189" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1452", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1452" } ], "release_date": "2010-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments" }, { "cve": "CVE-2010-1623", "discovery_date": "2010-10-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "640281" } ], "notes": [ { "category": "description", "text": "Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util: high memory consumption in apr_brigade_split_line()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1623" }, { "category": "external", "summary": "RHBZ#640281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640281" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1623", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1623" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1623", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1623" } ], "release_date": "2010-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util: high memory consumption in apr_brigade_split_line()" }, { "cve": "CVE-2010-2068", "discovery_date": "2010-09-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "632994" } ], "notes": [ { "category": "description", "text": "mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "(mod_proxy): Sensitive response disclosure due improper handling of timeouts", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-2068" }, { "category": "external", "summary": "RHBZ#632994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2068", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2068" } ], "release_date": "2010-06-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "(mod_proxy): Sensitive response disclosure due improper handling of timeouts" }, { "cve": "CVE-2010-3718", "discovery_date": "2011-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "675792" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: file permission bypass flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-3718" }, { "category": "external", "summary": "RHBZ#675792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675792" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3718", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3718" } ], "release_date": "2011-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: file permission bypass flaw" }, { "cve": "CVE-2010-4172", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2010-11-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "656246" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: cross-site-scripting vulnerability in the manager application", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4172" }, { "category": "external", "summary": "RHBZ#656246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=656246" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4172", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4172" } ], "release_date": "2010-11-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: cross-site-scripting vulnerability in the manager application" }, { "cve": "CVE-2010-4180", "discovery_date": "2010-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "659462" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4180" }, { "category": "external", "summary": "RHBZ#659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4180", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180" } ], "release_date": "2010-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack" }, { "cve": "CVE-2011-0013", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2011-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "675786" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: XSS vulnerability in HTML Manager interface", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0013" }, { "category": "external", "summary": "RHBZ#675786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0013", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0013", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0013" } ], "release_date": "2011-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: XSS vulnerability in HTML Manager interface" }, { "acknowledgments": [ { "names": [ "Maksymilian Arciemowicz" ] } ], "cve": "CVE-2011-0419", "discovery_date": "2011-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "703390" } ], "notes": [ { "category": "description", "text": "Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr: unconstrained recursion in apr_fnmatch", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0419" }, { "category": "external", "summary": "RHBZ#703390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0419", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0419", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0419" } ], "release_date": "2011-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" }, { "category": "workaround", "details": "mod_autoindex can be configured to ignore request query arguments provided by the client by adding IgnoreClient option to the IndexOptions directive:\n\nhttp://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexoptions.ignoreclient", "product_ids": [ "Red Hat JBoss Web Server 1.0" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr: unconstrained recursion in apr_fnmatch" }, { "cve": "CVE-2012-4557", "discovery_date": "2012-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "871685" } ], "notes": [ { "category": "description", "text": "The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ajp worker moved to error state when timeout exceeded", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the version of httpd as shipped with Red Hat Enterprise Linux 5.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4557" }, { "category": "external", "summary": "RHBZ#871685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871685" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4557", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4557" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4557" } ], "release_date": "2012-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-06-22T23:14:00+00:00", "details": "All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Web Server 1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0896" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_proxy_ajp worker moved to error state when timeout exceeded" } ] }
rhsa-2010_0979
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated openssl packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.\nA remote attacker could possibly use this flaw to change the ciphersuite\nassociated with a cached session stored on the server, if the server\nenabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly\nforcing the client to use a weaker ciphersuite after resuming the session.\n(CVE-2010-4180)\n\nNote: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\noption has no effect and this bug workaround can no longer be enabled.\n\nAll OpenSSL users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. For the update to take effect, all\nservices linked to the OpenSSL library must be restarted, or the system\nrebooted.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0979", "url": "https://access.redhat.com/errata/RHSA-2010:0979" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0979.json" } ], "title": "Red Hat Security Advisory: openssl security update", "tracking": { "current_release_date": "2024-11-05T17:24:47+00:00", "generator": { "date": "2024-11-05T17:24:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2010:0979", "initial_release_date": "2010-12-13T18:39:00+00:00", "revision_history": [ { "date": "2010-12-13T18:39:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-12-13T13:41:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:24:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "openssl-0:1.0.0-4.el6_0.2.src", "product": { "name": "openssl-0:1.0.0-4.el6_0.2.src", "product_id": "openssl-0:1.0.0-4.el6_0.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-4.el6_0.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "product": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "product_id": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-4.el6_0.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-4.el6_0.2.i686", "product": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686", "product_id": "openssl-static-0:1.0.0-4.el6_0.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-4.el6_0.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "product": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "product_id": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-4.el6_0.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-4.el6_0.2.i686", "product": { "name": "openssl-0:1.0.0-4.el6_0.2.i686", "product_id": "openssl-0:1.0.0-4.el6_0.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-4.el6_0.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "product": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "product_id": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-4.el6_0.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "product": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "product_id": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-4.el6_0.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "product": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "product_id": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-4.el6_0.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "product": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "product_id": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-4.el6_0.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "product": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "product_id": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-4.el6_0.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-4.el6_0.2.ppc64", "product": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64", "product_id": "openssl-0:1.0.0-4.el6_0.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-4.el6_0.2?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "product": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "product_id": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-4.el6_0.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "product": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "product_id": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-4.el6_0.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "product": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "product_id": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-4.el6_0.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "product": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "product_id": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-4.el6_0.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-4.el6_0.2.s390x", "product": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x", "product_id": "openssl-0:1.0.0-4.el6_0.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-4.el6_0.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "product": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "product_id": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-4.el6_0.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "product": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "product_id": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-4.el6_0.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "product": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "product_id": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-4.el6_0.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-4.el6_0.2.x86_64", "product": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64", "product_id": "openssl-0:1.0.0-4.el6_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-4.el6_0.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "product": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "product_id": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-4.el6_0.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "product": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "product_id": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-4.el6_0.2?arch=ppc" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-4.el6_0.2.ppc", "product": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc", "product_id": "openssl-0:1.0.0-4.el6_0.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-4.el6_0.2?arch=ppc" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "product": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "product_id": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-4.el6_0.2?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "product": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "product_id": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-4.el6_0.2?arch=s390" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-4.el6_0.2.s390", "product": { "name": "openssl-0:1.0.0-4.el6_0.2.s390", "product_id": "openssl-0:1.0.0-4.el6_0.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-4.el6_0.2?arch=s390" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "product": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "product_id": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-4.el6_0.2?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6ComputeNode" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-0:1.0.0-4.el6_0.2.src" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.src", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.i686" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.i686", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.ppc64", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.s390x", "relates_to_product_reference": "6Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-4.el6_0.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-4.el6_0.2.x86_64", "relates_to_product_reference": "6Workstation" } ] }, "vulnerabilities": [ { "cve": "CVE-2010-4180", "discovery_date": "2010-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "659462" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-0:1.0.0-4.el6_0.2.src", "6Client:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.src", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.src", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-0:1.0.0-4.el6_0.2.src", "6Server:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-0:1.0.0-4.el6_0.2.src", "6Workstation:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4180" }, { "category": "external", "summary": "RHBZ#659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4180", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180" } ], "release_date": "2010-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-13T18:39:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "6Client-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-0:1.0.0-4.el6_0.2.src", "6Client:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.src", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.src", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-0:1.0.0-4.el6_0.2.src", "6Server:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-0:1.0.0-4.el6_0.2.src", "6Workstation:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0979" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Client-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Client-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Client-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-0:1.0.0-4.el6_0.2.src", "6Client:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Client:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Client:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Client:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Client:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.src", "6ComputeNode-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.src", "6ComputeNode:openssl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.i686", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6ComputeNode:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Server-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Server-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-0:1.0.0-4.el6_0.2.src", "6Server:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Server:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Server:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Server:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Server:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.src", "6Workstation-optional:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Workstation-optional:openssl-static-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-0:1.0.0-4.el6_0.2.src", "6Workstation:openssl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-debuginfo-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-devel-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-perl-0:1.0.0-4.el6_0.2.x86_64", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.i686", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.ppc64", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.s390x", "6Workstation:openssl-static-0:1.0.0-4.el6_0.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack" } ] }
rhsa-2010_0978
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated openssl packages that fix two security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.\nA remote attacker could possibly use this flaw to change the ciphersuite\nassociated with a cached session stored on the server, if the server\nenabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly\nforcing the client to use a weaker ciphersuite after resuming the session.\n(CVE-2010-4180, CVE-2008-7270)\n\nNote: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\noption has no effect and this bug workaround can no longer be enabled.\n\nAll OpenSSL users should upgrade to these updated packages, which contain a\nbackported patch to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0978", "url": "https://access.redhat.com/errata/RHSA-2010:0978" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "external", "summary": "660650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0978.json" } ], "title": "Red Hat Security Advisory: openssl security update", "tracking": { "current_release_date": "2024-11-05T17:24:41+00:00", "generator": { "date": "2024-11-05T17:24:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2010:0978", "initial_release_date": "2010-12-13T18:34:00+00:00", "revision_history": [ { "date": "2010-12-13T18:34:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-12-13T13:35:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:24:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "product": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "product_id": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-12.el5_5.7?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.x86_64", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.x86_64", "product_id": "openssl-0:0.9.8e-12.el5_5.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "product": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "product_id": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-12.el5_5.7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=i386" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-12.el5_5.7.i386", "product": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.i386", "product_id": "openssl-devel-0:0.9.8e-12.el5_5.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-12.el5_5.7?arch=i386" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.i386", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.i386", "product_id": "openssl-0:0.9.8e-12.el5_5.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=i386" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.8e-12.el5_5.7.i386", "product": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.i386", "product_id": "openssl-perl-0:0.9.8e-12.el5_5.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-12.el5_5.7?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.src", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.src", "product_id": "openssl-0:0.9.8e-12.el5_5.7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=i686" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.i686", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.i686", "product_id": "openssl-0:0.9.8e-12.el5_5.7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=ia64" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.ia64", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.ia64", "product_id": "openssl-0:0.9.8e-12.el5_5.7.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=ia64" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "product": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "product_id": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-12.el5_5.7?arch=ia64" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "product": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "product_id": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-12.el5_5.7?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.ppc64", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc64", "product_id": "openssl-0:0.9.8e-12.el5_5.7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "product": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "product_id": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-12.el5_5.7?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=ppc" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.ppc", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc", "product_id": "openssl-0:0.9.8e-12.el5_5.7.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=ppc" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "product": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "product_id": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-12.el5_5.7?arch=ppc" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "product": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "product_id": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-12.el5_5.7?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=s390x" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.s390x", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390x", "product_id": "openssl-0:0.9.8e-12.el5_5.7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=s390x" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "product": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "product_id": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-12.el5_5.7?arch=s390x" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "product": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "product_id": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-12.el5_5.7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "product": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "product_id": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-12.el5_5.7?arch=s390" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-12.el5_5.7.s390", "product": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390", "product_id": "openssl-0:0.9.8e-12.el5_5.7.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_5.7?arch=s390" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390", "product": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390", "product_id": "openssl-devel-0:0.9.8e-12.el5_5.7.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-12.el5_5.7?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.i686 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i686" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.i686", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.src" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.i686 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.i686" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.i686", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.src" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.i686 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.i686" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.i686", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.src" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.s390", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.i386" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ia64" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ppc" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.s390x" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" }, "product_reference": "openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-7270", "discovery_date": "2010-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "660650" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.src", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-0:0.9.8e-12.el5_5.7.src", "5Client:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-0:0.9.8e-12.el5_5.7.src", "5Server:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-7270" }, { "category": "external", "summary": "RHBZ#660650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-7270", "url": "https://www.cve.org/CVERecord?id=CVE-2008-7270" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-7270", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7270" } ], "release_date": "2010-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-13T18:34:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.src", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-0:0.9.8e-12.el5_5.7.src", "5Client:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-0:0.9.8e-12.el5_5.7.src", "5Server:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0978" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.src", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-0:0.9.8e-12.el5_5.7.src", "5Client:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-0:0.9.8e-12.el5_5.7.src", "5Server:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack" }, { "cve": "CVE-2010-4180", "discovery_date": "2010-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "659462" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.src", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-0:0.9.8e-12.el5_5.7.src", "5Client:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-0:0.9.8e-12.el5_5.7.src", "5Server:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-4180" }, { "category": "external", "summary": "RHBZ#659462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-4180", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180" } ], "release_date": "2010-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-12-13T18:34:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.src", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-0:0.9.8e-12.el5_5.7.src", "5Client:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-0:0.9.8e-12.el5_5.7.src", "5Server:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0978" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.src", "5Client-Workstation:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client-Workstation:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-0:0.9.8e-12.el5_5.7.src", "5Client:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Client:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-0:0.9.8e-12.el5_5.7.src", "5Server:openssl-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.i686", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-debuginfo-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.ppc64", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-devel-0:0.9.8e-12.el5_5.7.x86_64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.i386", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ia64", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.ppc", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.s390x", "5Server:openssl-perl-0:0.9.8e-12.el5_5.7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack" } ] }
ghsa-hvp6-pw37-63wh
Vulnerability from github
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
{ "affected": [], "aliases": [ "CVE-2010-4180" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2010-12-06T21:05:00Z", "severity": "MODERATE" }, "details": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "id": "GHSA-hvp6-pw37-63wh", "modified": "2022-05-17T01:03:13Z", "published": "2022-05-17T01:03:13Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "type": "WEB", "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "type": "WEB", "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "type": "WEB", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "type": "WEB", "url": "http://openssl.org/news/secadv_20101202.txt" }, { "type": "WEB", "url": "http://osvdb.org/69565" }, { "type": "WEB", "url": "http://secunia.com/advisories/42469" }, { "type": "WEB", "url": "http://secunia.com/advisories/42473" }, { "type": "WEB", "url": "http://secunia.com/advisories/42493" }, { "type": "WEB", "url": "http://secunia.com/advisories/42571" }, { "type": "WEB", "url": "http://secunia.com/advisories/42620" }, { "type": "WEB", "url": "http://secunia.com/advisories/42811" }, { "type": "WEB", "url": "http://secunia.com/advisories/42877" }, { "type": "WEB", "url": "http://secunia.com/advisories/43169" }, { "type": "WEB", "url": "http://secunia.com/advisories/43170" }, { "type": "WEB", "url": "http://secunia.com/advisories/43171" }, { "type": "WEB", "url": "http://secunia.com/advisories/43172" }, { "type": "WEB", "url": "http://secunia.com/advisories/43173" }, { "type": "WEB", "url": "http://secunia.com/advisories/44269" }, { "type": "WEB", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4723" }, { "type": "WEB", "url": "http://ubuntu.com/usn/usn-1029-1" }, { "type": "WEB", "url": "http://www.debian.org/security/2011/dsa-2141" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/522176" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/45164" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1024822" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2011/0268" } ], "schema_version": "1.4.0", "severity": [] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.