Action not permitted
Modal body text goes here.
cve-2013-0166
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "RHSA-2013:0587", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "oval:org.mitre.oval:def:19360", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "55139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "HPSBUX02856", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SSRT101289", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "RHSA-2013:0833", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "53623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53623" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02909", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "DSA-2621", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0783", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "APPLE-SA-2013-09-12-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "55108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0782", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SSRT101104", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "oval:org.mitre.oval:def:19487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:18754", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5880" }, { "name": "oval:org.mitre.oval:def:19081", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-08T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "RHSA-2013:0587", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "oval:org.mitre.oval:def:19360", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "55139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "HPSBUX02856", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SSRT101289", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "RHSA-2013:0833", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "53623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53623" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02909", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "DSA-2621", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0783", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "APPLE-SA-2013-09-12-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "55108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0782", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SSRT101104", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "oval:org.mitre.oval:def:19487", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:18754", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5880" }, { "name": "oval:org.mitre.oval:def:19081", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "RHSA-2013:0587", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "oval:org.mitre.oval:def:19360", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "55139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55139" }, { "name": "http://www.openssl.org/news/secadv_20130204.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908052", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "HPSBUX02856", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SSRT101289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "SSRT101108", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "RHSA-2013:0833", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "53623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53623" }, { "name": "VU#737740", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02909", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "DSA-2621", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0783", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "APPLE-SA-2013-09-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "55108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0782", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "HPSBOV02852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SSRT101104", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "http://www.splunk.com/view/SP-CAAAHXG", "refsource": "CONFIRM", "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "oval:org.mitre.oval:def:19487", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:18754", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "name": "http://support.apple.com/kb/HT5880", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5880" }, { "name": "oval:org.mitre.oval:def:19081", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0166", "datePublished": "2013-02-08T19:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2013-0166\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-02-08T19:55:00.967\",\"lastModified\":\"2023-11-07T02:13:45.943\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.\"},{\"lang\":\"es\",\"value\":\"OpenSSL antes de v0.9.8y, v1.0.0 antes de v1.0.0k y v1.0.1 antes de v1.0.1d no realizar correctamente la verificaci\u00f3n de firmas para las respuestas OCSP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una tecla no v\u00e1lida.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14D983EC-61B0-4FD9-89B5-9878E4CE4405\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC4C5F05-BC0B-478D-9A6F-7C804777BA41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F417A1-5D97-4BC4-8B97-5AC40236DA21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EDB5A09-BE86-4352-9799-A875649EDB7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6231CAA-00A8-41CE-8436-B84518014CF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A70AD93B-E876-4EAB-9970-752D42E15E99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F03FA9C0-24C7-46AC-92EC-7834BC34C79B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"716ADA01-38B8-4C15-A3BB-D9688DA30599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B73326F7-7DCE-4EDE-95D7-AE7AED263A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E4742C-A983-4F00-B24F-AB280C0E876D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA2D251C-9C45-4EFE-8262-E88AB7CE713A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D81E175-E698-40EF-9601-425893FFB1FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA0F25B7-A172-4300-8718-112E817A6165\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0628DF-3A4C-4078-B615-22260671EABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"52B1BE89-BAE0-4656-943B-B9B81D9B54B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D097222B-ED20-459C-9167-55751FA2C87A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"86DDC8F2-7920-4A73-927E-562C89806972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"962FCB86-15AD-4399-8B7D-EC1DEA919C59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180D07AE-C571-4DD6-837C-43E2A946007A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90789533-C741-4B1C-A24B-2C77B9E4DE5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1520065B-46D7-48A4-B9D0-5B49F690C5B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AA526B9-726A-49D5-B3CA-EBE2DA303CA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"494E48E7-EF86-4860-9A53-94F6C313746E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2636B92E-47D5-42EA-9585-A2B84FBE71CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A518E8-21BE-4C5C-B425-410AB1208E9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E3AB748-E463-445C-ABAB-4FEDDFD1878B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"660E4B8D-AABA-4520-BC4D-CF8E76E07C05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"85BFEED5-4941-41BB-93D1-CD5C2A41290E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9644CC68-1E91-45E7-8C53-1E3FC9976A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"73934717-2DA3-4614-A076-D6EDA5EB0626\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78E79A05-64F3-4397-952C-A5BB950C967D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"549BB01D-F322-4FE3-BDA2-4FEA8ED8568A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98693865-2E79-4BD6-9F89-1994BC9A3E73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6476506-EC37-4726-82DC-D0E8254A8CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6ECEF7-CB16-4604-894B-6EB19F1CEF55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C81EF3D-4DB7-4799-9670-8D79E28CA184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8116A66-175C-4E6D-9A9B-D54C1D97D213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"382C1679-DA1D-4FA4-9D5E-B86CC5052D49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA28812-8A24-4FE1-BED9-D6D5BB023645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9894D83E-2A27-446E-8B47-9C03CF802A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55A9AC4D-E19B-431F-8679-B62F5F46BCF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4E446D-B9D3-45F2-9722-B41FA14A6C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF4EA988-FC80-4170-8933-7C6663731981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64F8F53B-24A1-4877-B16E-F1917C4E4E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75D3ACD5-905F-42BB-BE1A-8382E9D823BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766EA6F2-7FA4-4713-9859-9971CCD2FDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BB38AEA-BAF0-4920-9A71-747C24444770\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F33EA2B-DE15-4695-A383-7A337AC38908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261EE631-AB43-44FE-B02A-DFAAB8D35927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1365ED-4651-4AB2-A64B-43782EA2F0E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC82690C-DCED-47BA-AA93-4D0C9E95B806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43B90ED1-DAB4-4239-8AD8-87E8D568D5D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9BF2DD-85EF-49CF-8D83-0DB46449E333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AEBE689-3952-46F0-BACA-BB03041C6D36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86C46AB8-52E5-4385-9C5C-F63FF9DB82AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564AA4E7-223E-48D8-B3E0-A461969CF530\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C2AE06-B6E8-41C4-BB60-177AC4819CE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB15C1F3-0DE8-4A50-B17C-618ECA58AABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45491BD3-7C62-4422-B7DA-CB2741890FBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"499E52F3-4B34-4C47-8ABF-292928EBAA5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7540155-3629-4C76-9C67-8A8E0C1067F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"419BBCCD-6F8A-418A-BA02-56267B11D948\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FF0A06-DA61-4250-B083-67E55E362677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6BA453-C150-4159-B80B-5465EFF83F11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638A2E69-8AB6-4FEA-852A-FEF16A500C1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C47D3A-B99D-401D-B6B8-1194B2DB4809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08355B10-E004-4BE6-A5AE-4D428810580B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738BCFDC-1C49-4774-95AE-E099F707DEF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4B242C0-D27D-4644-AD19-5ACB853C9DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC683F2-4346-4E5E-A8D7-67B4F4D7827B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D1C00C0-C77E-4255-9ECA-20F2673C7366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C684FB18-FDDC-4BED-A28C-C23EE6CD0094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74A79A7-4FAF-4C81-8622-050008B96AE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B8C80A1-D1E7-42D4-8DBC-CB7637D7598E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB3990A-3457-4CD6-9EEC-F2D4BC143932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06110A61-8857-46D5-BEE1-882197756DED\"}]}]}],\"references\":[{\"url\":\"http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0587.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0782.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0783.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0833.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/53623\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/55108\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/55139\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT5880\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2621\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/737740\",\"source\":\"secalert@redhat.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.openssl.org/news/secadv_20130204.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.splunk.com/view/SP-CAAAHXG\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=908052\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001\",\"source\":\"secalert@redhat.com\"}]}}" } }
rhsa-2013_1013
Vulnerability from csaf_redhat
Published
2013-07-03 16:18
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update
Notes
Topic
Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and
several bugs, is now available from the Red Hat Customer Portal for Red Hat
Enterprise Linux 5 and 6, Solaris, and Microsoft Windows.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
This release serves as a replacement for Red Hat JBoss Web Server 2.0.0,
and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1
Release Notes for information on the most significant of these changes,
available shortly from https://access.redhat.com/site/documentation/
The following security issues are also fixed with this release:
Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_proxy_balancer module's manager web interface. If a remote attacker
could trick a user, who was logged into the manager web interface, into
visiting a specially-crafted URL, it would lead to arbitrary web script
execution in the context of the user's manager interface session.
(CVE-2012-4558)
Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they were
able to make the victim's browser generate an HTTP request with a
specially-crafted Host header. (CVE-2012-3499)
A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash
applications performing OCSP verification by sending a specially-crafted
response. (CVE-2013-0166)
It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)
Note: CVE-2013-0166 and CVE-2013-0169 were only corrected in the packages
for Solaris and Windows. Updates for Red Hat Enterprise Linux can be
downloaded from the Red Hat Network.
A session fixation flaw was found in the Tomcat FormAuthenticator module.
During a narrow window of time, if a remote attacker sent requests while a
user was logging in, it could possibly result in the attacker's requests
being processed as if they were sent by the user. (CVE-2013-2067)
A denial of service flaw was found in the way the Tomcat chunked transfer
encoding input filter processed CRLF sequences. A remote attacker could
use this flaw to send an excessively long request, consuming network
bandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding
is enabled by default. (CVE-2012-3544)
A flaw was found in the way the Tomcat 7 asynchronous context
implementation performed request management in certain circumstances. If an
application used AsyncListeners and threw RuntimeExceptions, Tomcat could
send a reply that contains information from a different user's request,
possibly leading to the disclosure of sensitive information. This issue
only affected Tomcat 7. (CVE-2013-2071)
Warning: Before applying the update, back up your existing Red Hat JBoss
Web Server installation (including all applications and configuration
files).
All users of Red Hat JBoss Web Server 2.0.0 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss Web Server 2.0.1,
which corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available from the Red Hat Customer Portal for Red Hat\nEnterprise Linux 5 and 6, Solaris, and Microsoft Windows.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nNote: CVE-2013-0166 and CVE-2013-0169 were only corrected in the packages\nfor Solaris and Windows. Updates for Red Hat Enterprise Linux can be\ndownloaded from the Red Hat Network.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Web Server 2.0.1,\nwhich corrects these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:1013", "url": "https://access.redhat.com/errata/RHSA-2013:1013" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/", "url": "https://access.redhat.com/site/documentation/" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html", "url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html" }, { "category": "external", "summary": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "915883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883" }, { "category": "external", "summary": "915884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884" }, { "category": "external", "summary": "961779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779" }, { "category": "external", "summary": "961783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783" }, { "category": "external", "summary": "961803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1013.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update", "tracking": { "current_release_date": "2024-11-14T12:15:45+00:00", "generator": { "date": "2024-11-14T12:15:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2013:1013", "initial_release_date": "2013-07-03T16:18:00+00:00", "revision_history": [ { "date": "2013-07-03T16:18:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-07-03T16:18:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T12:15:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 2.0", "product": { "name": "Red Hat JBoss Web Server 2.0", "product_id": "Red Hat JBoss Web Server 2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-3499", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2013-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "915883" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: multiple XSS flaws due to unescaped hostnames", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3499" }, { "category": "external", "summary": "RHBZ#915883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3499" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499" } ], "release_date": "2013-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T16:18:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).", "product_ids": [ "Red Hat JBoss Web Server 2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1013" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: multiple XSS flaws due to unescaped hostnames" }, { "cve": "CVE-2012-3544", "discovery_date": "2013-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "961783" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Limited DoS in chunked transfer encoding input filter", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3544" }, { "category": "external", "summary": "RHBZ#961783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544" } ], "release_date": "2013-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T16:18:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).", "product_ids": [ "Red Hat JBoss Web Server 2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1013" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Limited DoS in chunked transfer encoding input filter" }, { "cve": "CVE-2012-4558", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2013-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "915884" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: XSS flaw in mod_proxy_balancer manager interface", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4558" }, { "category": "external", "summary": "RHBZ#915884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558" } ], "release_date": "2013-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T16:18:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).", "product_ids": [ "Red Hat JBoss Web Server 2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1013" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: XSS flaw in mod_proxy_balancer manager interface" }, { "cve": "CVE-2013-0166", "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908052" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: DoS due to improper handling of OCSP response verification", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0166" }, { "category": "external", "summary": "RHBZ#908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" } ], "release_date": "2013-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T16:18:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).", "product_ids": [ "Red Hat JBoss Web Server 2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1013" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: DoS due to improper handling of OCSP response verification" }, { "cve": "CVE-2013-0169", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907589" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0169" }, { "category": "external", "summary": "RHBZ#907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" }, { "category": "external", "summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T16:18:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).", "product_ids": [ "Red Hat JBoss Web Server 2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1013" }, { "category": "workaround", "details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS", "product_ids": [ "Red Hat JBoss Web Server 2.0" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: CBC padding timing attack (lucky-13)" }, { "cve": "CVE-2013-2067", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2013-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "961779" } ], "notes": [ { "category": "description", "text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Session fixation in form authenticator", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2067" }, { "category": "external", "summary": "RHBZ#961779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067" } ], "release_date": "2013-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T16:18:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).", "product_ids": [ "Red Hat JBoss Web Server 2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1013" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Session fixation in form authenticator" }, { "cve": "CVE-2013-2071", "discovery_date": "2013-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "961803" } ], "notes": [ { "category": "description", "text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2071" }, { "category": "external", "summary": "RHBZ#961803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2071" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071" } ], "release_date": "2013-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T16:18:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).", "product_ids": [ "Red Hat JBoss Web Server 2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1013" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Server 2.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions" } ] }
rhsa-2013_0783
Vulnerability from csaf_redhat
Published
2013-05-01 17:59
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for the OpenSSL component for JBoss Enterprise Application
Platform 5.2.0 for Solaris and Microsoft Windows that fixes two security
issues is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash
applications performing OCSP verification by sending a specially-crafted
response. (CVE-2013-0166)
It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 for Solaris and
Microsoft Windows as provided from the Red Hat Customer Portal are advised
to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the OpenSSL component for JBoss Enterprise Application\nPlatform 5.2.0 for Solaris and Microsoft Windows that fixes two security\nissues is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 for Solaris and\nMicrosoft Windows as provided from the Red Hat Customer Portal are advised\nto apply this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0783", "url": "https://access.redhat.com/errata/RHSA-2013:0783" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=5.2.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=5.2.0" }, { "category": "external", "summary": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0783.json" } ], "title": "Red Hat Security Advisory: openssl security update", "tracking": { "current_release_date": "2024-11-14T12:15:21+00:00", "generator": { "date": "2024-11-14T12:15:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2013:0783", "initial_release_date": "2013-05-01T17:59:00+00:00", "revision_history": [ { "date": "2013-05-01T17:59:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:45:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T12:15:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 5.2", "product": { "name": "Red Hat JBoss Enterprise Application Platform 5.2", "product_id": "Red Hat JBoss Enterprise Application Platform 5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-0166", "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908052" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: DoS due to improper handling of OCSP response verification", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0166" }, { "category": "external", "summary": "RHBZ#908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" } ], "release_date": "2013-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-01T17:59:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nJBoss server instances configured to use the Tomcat Native library must be\nrestarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0783" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: DoS due to improper handling of OCSP response verification" }, { "cve": "CVE-2013-0169", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907589" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0169" }, { "category": "external", "summary": "RHBZ#907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" }, { "category": "external", "summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-01T17:59:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nJBoss server instances configured to use the Tomcat Native library must be\nrestarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0783" }, { "category": "workaround", "details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: CBC padding timing attack (lucky-13)" } ] }
rhsa-2013_0782
Vulnerability from csaf_redhat
Published
2013-05-01 17:58
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for the OpenSSL component for JBoss Enterprise Web Platform 5.2.0
for Solaris and Microsoft Windows that fixes two security issues is now
available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash
applications performing OCSP verification by sending a specially-crafted
response. (CVE-2013-0166)
It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 for Solaris and Microsoft
Windows as provided from the Red Hat Customer Portal are advised to apply
this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the OpenSSL component for JBoss Enterprise Web Platform 5.2.0\nfor Solaris and Microsoft Windows that fixes two security issues is now\navailable from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 for Solaris and Microsoft\nWindows as provided from the Red Hat Customer Portal are advised to apply\nthis update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0782", "url": "https://access.redhat.com/errata/RHSA-2013:0782" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=enterpriseweb.platform\u0026version=5.2.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=enterpriseweb.platform\u0026version=5.2.0" }, { "category": "external", "summary": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0782.json" } ], "title": "Red Hat Security Advisory: openssl security update", "tracking": { "current_release_date": "2024-11-14T12:15:16+00:00", "generator": { "date": "2024-11-14T12:15:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2013:0782", "initial_release_date": "2013-05-01T17:58:00+00:00", "revision_history": [ { "date": "2013-05-01T17:58:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-05-01T18:03:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T12:15:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Platform 5.2", "product": { "name": "Red Hat JBoss Web Platform 5.2", "product_id": "Red Hat JBoss Web Platform 5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-0166", "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908052" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: DoS due to improper handling of OCSP response verification", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0166" }, { "category": "external", "summary": "RHBZ#908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" } ], "release_date": "2013-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-01T17:58:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nJBoss server instances configured to use the Tomcat Native library must be\nrestarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0782" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: DoS due to improper handling of OCSP response verification" }, { "cve": "CVE-2013-0169", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907589" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0169" }, { "category": "external", "summary": "RHBZ#907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" }, { "category": "external", "summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-01T17:58:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nJBoss server instances configured to use the Tomcat Native library must be\nrestarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0782" }, { "category": "workaround", "details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS", "product_ids": [ "Red Hat JBoss Web Platform 5.2" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Web Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: CBC padding timing attack (lucky-13)" } ] }
rhsa-2013_0833
Vulnerability from csaf_redhat
Published
2013-05-20 14:27
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 6.1.0 update
Notes
Topic
JBoss Enterprise Application Platform 6.1.0, which fixes multiple security
issues, various bugs, and adds enhancements, is now available from the Red
Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise Application Platform 6 is a platform for Java applications
based on JBoss Application Server 7.
This release serves as a replacement for JBoss Enterprise Application
Platform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0
Release Notes for information on the most significant of these changes,
available shortly from https://access.redhat.com/site/documentation/
Security fixes:
XML encryption backwards compatibility attacks were found against various
frameworks, including Apache CXF. An attacker could force a server to use
insecure, legacy cryptosystems, even when secure cryptosystems were enabled
on endpoints. By forcing the use of legacy cryptosystems, flaws such as
CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be
recovered from cryptograms and symmetric keys. (CVE-2012-5575)
Note: Automatic checks to prevent CVE-2012-5575 are only run when
WS-SecurityPolicy is used to enforce security requirements. It is best
practice to use WS-SecurityPolicy to enforce security requirements.
A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash
applications performing OCSP verification by sending a specially-crafted
response. (CVE-2013-0166)
It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)
When applications running on JBoss Web used the COOKIE session tracking
method, the org.apache.catalina.connector.Response.encodeURL() method
returned the URL with the jsessionid appended as a query string parameter
when processing the first request of a session. An attacker could possibly
exploit this flaw by performing a man-in-the-middle attack to obtain a
user's jsessionid and hijack their session, or by extracting the jsessionid
from log files. Note that no session tracking method is used by default,
one must be configured. (CVE-2012-4529)
If multiple applications used the same custom authorization module class
name, and provided their own implementations of it, the first application
to be loaded will have its implementation used for all other applications
using the same custom authorization module class name. A local attacker
could use this flaw to deploy a malicious application that provides
implementations of custom authorization modules that permit or deny user
access according to rules supplied by the attacker. (CVE-2012-4572)
The GUI installer created a world-readable auto-install XML file containing
both the JBoss Enterprise Application Platform administrator password and
the sucker password for the selected messaging system in plain text. A
local user able to access the directory where the GUI installer was run
could use this flaw to gain administrative access to the JBoss Enterprise
Application Platform instance. (CVE-2013-0218)
Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj
Somorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.
CVE-2012-4572 was discovered by Josef Cacek of the Red Hat JBoss EAP
Quality Engineering team, and CVE-2013-0218 was discovered by Arun
Neelicattu of the Red Hat Security Response Team.
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation and deployed applications.
Users of JBoss Enterprise Application Platform 6.0.1 as provided from the
Red Hat Customer Portal are advised to upgrade to JBoss Enterprise
Application Platform 6.1.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "JBoss Enterprise Application Platform 6.1.0, which fixes multiple security\nissues, various bugs, and adds enhancements, is now available from the Red\nHat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Application Platform 6 is a platform for Java applications\nbased on JBoss Application Server 7.\n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nSecurity fixes:\n\nXML encryption backwards compatibility attacks were found against various\nframeworks, including Apache CXF. An attacker could force a server to use\ninsecure, legacy cryptosystems, even when secure cryptosystems were enabled\non endpoints. By forcing the use of legacy cryptosystems, flaws such as\nCVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be\nrecovered from cryptograms and symmetric keys. (CVE-2012-5575)\n\nNote: Automatic checks to prevent CVE-2012-5575 are only run when\nWS-SecurityPolicy is used to enforce security requirements. It is best\npractice to use WS-SecurityPolicy to enforce security requirements.\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nWhen applications running on JBoss Web used the COOKIE session tracking\nmethod, the org.apache.catalina.connector.Response.encodeURL() method\nreturned the URL with the jsessionid appended as a query string parameter\nwhen processing the first request of a session. An attacker could possibly\nexploit this flaw by performing a man-in-the-middle attack to obtain a\nuser\u0027s jsessionid and hijack their session, or by extracting the jsessionid\nfrom log files. Note that no session tracking method is used by default,\none must be configured. (CVE-2012-4529)\n\nIf multiple applications used the same custom authorization module class\nname, and provided their own implementations of it, the first application\nto be loaded will have its implementation used for all other applications\nusing the same custom authorization module class name. A local attacker\ncould use this flaw to deploy a malicious application that provides\nimplementations of custom authorization modules that permit or deny user\naccess according to rules supplied by the attacker. (CVE-2012-4572)\n\nThe GUI installer created a world-readable auto-install XML file containing\nboth the JBoss Enterprise Application Platform administrator password and\nthe sucker password for the selected messaging system in plain text. A\nlocal user able to access the directory where the GUI installer was run\ncould use this flaw to gain administrative access to the JBoss Enterprise\nApplication Platform instance. (CVE-2013-0218)\n\nRed Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj\nSomorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.\nCVE-2012-4572 was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team, and CVE-2013-0218 was discovered by Arun\nNeelicattu of the Red Hat Security Response Team.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications.\n\nUsers of JBoss Enterprise Application Platform 6.0.1 as provided from the\nRed Hat Customer Portal are advised to upgrade to JBoss Enterprise\nApplication Platform 6.1.0.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0833", "url": "https://access.redhat.com/errata/RHSA-2013:0833" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/", "url": "https://access.redhat.com/site/documentation/" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=distributions", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=distributions" }, { "category": "external", "summary": "http://cxf.apache.org/cve-2012-5575.html", "url": "http://cxf.apache.org/cve-2012-5575.html" }, { "category": "external", "summary": "868202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=868202" }, { "category": "external", "summary": "872059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872059" }, { "category": "external", "summary": "880443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880443" }, { "category": "external", "summary": "903073", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903073" }, { "category": "external", "summary": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0833.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 6.1.0 update", "tracking": { "current_release_date": "2024-11-14T12:15:38+00:00", "generator": { "date": "2024-11-14T12:15:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2013:0833", "initial_release_date": "2013-05-20T14:27:00+00:00", "revision_history": [ { "date": "2013-05-20T14:27:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:44:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T12:15:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.1", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.1", "product_id": "Red Hat JBoss Enterprise Application Platform 6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-4529", "discovery_date": "2012-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "868202" } ], "notes": [ { "category": "description", "text": "The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.", "title": "Vulnerability description" }, { "category": "summary", "text": "Web: jsessionid exposed via encoded url when using cookie based session tracking", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4529" }, { "category": "external", "summary": "RHBZ#868202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=868202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4529", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4529" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4529", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4529" } ], "release_date": "2012-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-20T14:27:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0833" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Web: jsessionid exposed via encoded url when using cookie based session tracking" }, { "acknowledgments": [ { "names": [ "Josef Cacek" ], "organization": "Red Hat JBoss EAP Quality Engineering team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2012-4572", "discovery_date": "2012-10-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "872059" } ], "notes": [ { "category": "description", "text": "Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications\u0027 authorization decisions via a crafted application.", "title": "Vulnerability description" }, { "category": "summary", "text": "JBoss: custom authorization module implementations shared between applications", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4572" }, { "category": "external", "summary": "RHBZ#872059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872059" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4572", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4572" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4572", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4572" } ], "release_date": "2013-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-20T14:27:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0833" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "JBoss: custom authorization module implementations shared between applications" }, { "acknowledgments": [ { "names": [ "Tibor Jager", "Kenneth G. Paterson", "Juraj Somorovsky" ], "organization": "Ruhr-University Bochum" } ], "cve": "CVE-2012-5575", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2012-11-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "880443" } ], "notes": [ { "category": "description", "text": "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: XML encryption backwards compatibility attacks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5575" }, { "category": "external", "summary": "RHBZ#880443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880443" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5575", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5575" }, { "category": "external", "summary": "http://cxf.apache.org/cve-2012-5575.html", "url": "http://cxf.apache.org/cve-2012-5575.html" }, { "category": "external", "summary": "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", "url": "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/" } ], "release_date": "2013-03-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-20T14:27:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0833" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: XML encryption backwards compatibility attacks" }, { "cve": "CVE-2013-0166", "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908052" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: DoS due to improper handling of OCSP response verification", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0166" }, { "category": "external", "summary": "RHBZ#908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" } ], "release_date": "2013-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-20T14:27:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0833" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: DoS due to improper handling of OCSP response verification" }, { "cve": "CVE-2013-0169", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907589" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0169" }, { "category": "external", "summary": "RHBZ#907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" }, { "category": "external", "summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-20T14:27:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0833" }, { "category": "workaround", "details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: CBC padding timing attack (lucky-13)" }, { "acknowledgments": [ { "names": [ "Arun Neelicattu" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-0218", "discovery_date": "2013-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "903073" } ], "notes": [ { "category": "description", "text": "The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.", "title": "Vulnerability description" }, { "category": "summary", "text": "Installer: Generated auto-install xml is world readable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0218" }, { "category": "external", "summary": "RHBZ#903073", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903073" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0218", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0218" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0218", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0218" } ], "release_date": "2013-01-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-20T14:27:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0833" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Installer: Generated auto-install xml is world readable" }, { "cve": "CVE-2013-2067", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2013-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "961779" } ], "notes": [ { "category": "description", "text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Session fixation in form authenticator", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2067" }, { "category": "external", "summary": "RHBZ#961779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067" } ], "release_date": "2013-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-05-20T14:27:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0833" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Session fixation in form authenticator" } ] }
rhsa-2013_0636
Vulnerability from csaf_redhat
Published
2013-03-13 14:40
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update
Notes
Topic
An updated rhev-hypervisor6 package that fixes several security issues and
various bugs is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way QEMU-KVM emulated the e1000 network interface
card when the host was configured to accept jumbo network frames, and a
guest using the e1000 emulated driver was not. A remote attacker could use
this flaw to crash the guest or, potentially, execute arbitrary code with
root privileges in the guest. (CVE-2012-6075)
It was discovered that GnuTLS leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A
remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-1619)
It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash
applications performing OCSP verification by sending a specially-crafted
response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about
plain text when optional compression was used. An attacker able to control
part of the plain text sent over an encrypted TLS/SSL connection could
possibly use this flaw to recover other portions of the plain text.
(CVE-2012-4929)
This updated package provides updated components that include fixes for
various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:
CVE-2013-0292 (dbus-glib issue)
CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)
CVE-2013-0338 (libxml2 issue)
This update contains the builds from the following errata:
ovirt-node: RHBA-2013:0634
https://rhn.redhat.com/errata/RHBA-2013-0634.html
kernel: RHSA-2013:0630
https://rhn.redhat.com/errata/RHSA-2013-0630.html
dbus-glib: RHSA-2013:0568
https://rhn.redhat.com/errata/RHSA-2013-0568.html
libcgroup: RHBA-2013:0560
https://rhn.redhat.com/errata/RHBA-2013-0560.html
vdsm: RHBA-2013:0635
https://rhn.redhat.com/errata/RHBA-2013-0635.html
selinux-policy: RHBA-2013:0618
https://rhn.redhat.com/errata/RHBA-2013-0618.html
qemu-kvm-rhev: RHSA-2013:0610
https://rhn.redhat.com/errata/RHSA-2013-0610.html
glusterfs: RHBA-2013:0620
https://rhn.redhat.com/errata/RHBA-2013-0620.html
gnutls: RHSA-2013:0588
https://rhn.redhat.com/errata/RHSA-2013-0588.html
ipmitool: RHBA-2013:0572
https://rhn.redhat.com/errata/RHBA-2013-0572.html
libxml2: RHSA-2013:0581
https://rhn.redhat.com/errata/RHSA-2013-0581.html
openldap: RHBA-2013:0598
https://rhn.redhat.com/errata/RHBA-2013-0598.html
openssl: RHSA-2013:0587
https://rhn.redhat.com/errata/RHSA-2013-0587.html
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which fixes these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated rhev-hypervisor6 package that fixes several security issues and\nvarious bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-0292 (dbus-glib issue)\n\nCVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)\n\nCVE-2013-0338 (libxml2 issue)\n\nThis update contains the builds from the following errata:\n\novirt-node: RHBA-2013:0634\n https://rhn.redhat.com/errata/RHBA-2013-0634.html\nkernel: RHSA-2013:0630\n https://rhn.redhat.com/errata/RHSA-2013-0630.html\ndbus-glib: RHSA-2013:0568\n https://rhn.redhat.com/errata/RHSA-2013-0568.html\nlibcgroup: RHBA-2013:0560\n https://rhn.redhat.com/errata/RHBA-2013-0560.html\nvdsm: RHBA-2013:0635\n https://rhn.redhat.com/errata/RHBA-2013-0635.html\nselinux-policy: RHBA-2013:0618\n https://rhn.redhat.com/errata/RHBA-2013-0618.html\nqemu-kvm-rhev: RHSA-2013:0610\n https://rhn.redhat.com/errata/RHSA-2013-0610.html\nglusterfs: RHBA-2013:0620\n https://rhn.redhat.com/errata/RHBA-2013-0620.html\ngnutls: RHSA-2013:0588\n https://rhn.redhat.com/errata/RHSA-2013-0588.html\nipmitool: RHBA-2013:0572\n https://rhn.redhat.com/errata/RHBA-2013-0572.html\nlibxml2: RHSA-2013:0581\n https://rhn.redhat.com/errata/RHSA-2013-0581.html\nopenldap: RHBA-2013:0598\n https://rhn.redhat.com/errata/RHBA-2013-0598.html\nopenssl: RHSA-2013:0587\n https://rhn.redhat.com/errata/RHSA-2013-0587.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0636", "url": "https://access.redhat.com/errata/RHSA-2013:0636" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "url": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html" }, { "category": "external", "summary": "857051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" }, { "category": "external", "summary": "889301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301" }, { "category": "external", "summary": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "908238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908238" }, { "category": "external", "summary": "913267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913267" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0636.json" } ], "title": "Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update", "tracking": { "current_release_date": "2024-11-14T12:15:09+00:00", "generator": { "date": "2024-11-14T12:15:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2013:0636", "initial_release_date": "2013-03-13T14:40:00+00:00", "revision_history": [ { "date": "2013-03-13T14:40:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-03-13T14:47:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T12:15:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEV Hypervisor for RHEL-6", "product": { "name": "RHEV Hypervisor for RHEL-6", "product_id": "6Server-RHEV-Hypervisor", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch", "product": { "name": "rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch", "product_id": "rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhev-hypervisor6@6.4-20130306.2.el6_4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch as a component of RHEV Hypervisor for RHEL-6", "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" }, "product_reference": "rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch", "relates_to_product_reference": "6Server-RHEV-Hypervisor" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-4929", "discovery_date": "2012-09-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "857051" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS CRIME attack against HTTPS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4929" }, { "category": "external", "summary": "RHBZ#857051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4929", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4929" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4929", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4929" } ], "release_date": "2012-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T14:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization \nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0636" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS CRIME attack against HTTPS" }, { "cve": "CVE-2012-6075", "discovery_date": "2012-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889301" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.", "title": "Vulnerability description" }, { "category": "summary", "text": "qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-6075" }, { "category": "external", "summary": "RHBZ#889301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6075", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6075" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6075", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6075" } ], "release_date": "2012-12-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T14:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization \nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0636" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled" }, { "cve": "CVE-2013-0166", "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908052" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: DoS due to improper handling of OCSP response verification", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0166" }, { "category": "external", "summary": "RHBZ#908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" } ], "release_date": "2013-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T14:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization \nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0636" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: DoS due to improper handling of OCSP response verification" }, { "cve": "CVE-2013-0169", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907589" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0169" }, { "category": "external", "summary": "RHBZ#907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" }, { "category": "external", "summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T14:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization \nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0636" }, { "category": "workaround", "details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: CBC padding timing attack (lucky-13)" }, { "cve": "CVE-2013-1619", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908238" } ], "notes": [ { "category": "description", "text": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: TLS CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1619" }, { "category": "external", "summary": "RHBZ#908238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908238" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1619", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1619" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1619" }, { "category": "external", "summary": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T14:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization \nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0636" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130306.2.el6_4.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gnutls: TLS CBC padding timing attack (lucky-13)" } ] }
rhsa-2013_0587
Vulnerability from csaf_redhat
Published
2013-03-04 21:05
Modified
2024-11-14 12:14
Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash
applications performing OCSP verification by sending a specially-crafted
response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about
plain text when optional compression was used. An attacker able to control
part of the plain text sent over an encrypted TLS/SSL connection could
possibly use this flaw to recover other portions of the plain text.
(CVE-2012-4929)
Note: This update disables zlib compression, which was previously enabled
in OpenSSL by default. Applications using OpenSSL now need to explicitly
enable zlib compression to use it.
It was found that OpenSSL read certain environment variables even when used
by a privileged (setuid or setgid) application. A local attacker could use
this flaw to escalate their privileges. No application shipped with Red Hat
Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735)
All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the
system rebooted.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nNote: This update disables zlib compression, which was previously enabled\nin OpenSSL by default. Applications using OpenSSL now need to explicitly\nenable zlib compression to use it.\n\nIt was found that OpenSSL read certain environment variables even when used\nby a privileged (setuid or setgid) application. A local attacker could use\nthis flaw to escalate their privileges. No application shipped with Red Hat\nEnterprise Linux 5 and 6 was affected by this problem. (BZ#839735)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the\nsystem rebooted.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0587", "url": "https://access.redhat.com/errata/RHSA-2013:0587" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "839735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839735" }, { "category": "external", "summary": "857051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" }, { "category": "external", "summary": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0587.json" } ], "title": "Red Hat Security Advisory: openssl security update", "tracking": { "current_release_date": "2024-11-14T12:14:20+00:00", "generator": { "date": "2024-11-14T12:14:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2013:0587", "initial_release_date": "2013-03-04T21:05:00+00:00", "revision_history": [ { "date": "2013-03-04T21:05:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-03-04T21:11:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T12:14:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "product": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "product_id": "openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-26.el5_9.1?arch=s390x" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "product": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "product_id": "openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-26.el5_9.1?arch=s390x" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.s390x", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.s390x", "product_id": "openssl-0:0.9.8e-26.el5_9.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=s390x" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=s390x" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "product": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "product_id": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-27.el6_4.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "product": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "product_id": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-27.el6_4.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "product": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "product_id": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-27.el6_4.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-27.el6_4.2.s390x", "product": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x", "product_id": "openssl-0:1.0.0-27.el6_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-27.el6_4.2?arch=s390x" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "product": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "product_id": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-27.el6_4.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.8e-26.el5_9.1.s390", "product": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.s390", "product_id": "openssl-devel-0:0.9.8e-26.el5_9.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-26.el5_9.1?arch=s390" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.s390", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.s390", "product_id": "openssl-0:0.9.8e-26.el5_9.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=s390" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=s390" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-27.el6_4.2.s390", "product": { "name": "openssl-0:1.0.0-27.el6_4.2.s390", "product_id": "openssl-0:1.0.0-27.el6_4.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-27.el6_4.2?arch=s390" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "product": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "product_id": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-27.el6_4.2?arch=s390" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "product": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "product_id": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-27.el6_4.2?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "product": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "product_id": "openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-26.el5_9.1?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "product": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "product_id": "openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-26.el5_9.1?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.x86_64", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.x86_64", "product_id": "openssl-0:0.9.8e-26.el5_9.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "product": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "product_id": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-27.el6_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "product": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "product_id": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-27.el6_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "product": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "product_id": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-27.el6_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-27.el6_4.2.x86_64", "product": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64", "product_id": "openssl-0:1.0.0-27.el6_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-27.el6_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "product": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "product_id": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-27.el6_4.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.8e-26.el5_9.1.i386", "product": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.i386", "product_id": "openssl-devel-0:0.9.8e-26.el5_9.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-26.el5_9.1?arch=i386" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=i386" } } }, { "category": "product_version", "name": "openssl-perl-0:0.9.8e-26.el5_9.1.i386", "product": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.i386", "product_id": "openssl-perl-0:0.9.8e-26.el5_9.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-26.el5_9.1?arch=i386" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.i386", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.i386", "product_id": "openssl-0:0.9.8e-26.el5_9.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.i686", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.i686", "product_id": "openssl-0:0.9.8e-26.el5_9.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=i686" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=i686" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-27.el6_4.2.i686", "product": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686", "product_id": "openssl-static-0:1.0.0-27.el6_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-27.el6_4.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "product": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "product_id": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-27.el6_4.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "product": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "product_id": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-27.el6_4.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-27.el6_4.2.i686", "product": { "name": "openssl-0:1.0.0-27.el6_4.2.i686", "product_id": "openssl-0:1.0.0-27.el6_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-27.el6_4.2?arch=i686" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "product": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "product_id": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-27.el6_4.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "product": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "product_id": "openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-26.el5_9.1?arch=ia64" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "product": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "product_id": "openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-26.el5_9.1?arch=ia64" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.ia64", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.ia64", "product_id": "openssl-0:0.9.8e-26.el5_9.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=ia64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "product": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "product_id": "openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@0.9.8e-26.el5_9.1?arch=ppc" } } }, { "category": "product_version", "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "product": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "product_id": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-26.el5_9.1?arch=ppc" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.ppc", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.ppc", "product_id": "openssl-0:0.9.8e-26.el5_9.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=ppc" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=ppc" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-27.el6_4.2.ppc", "product": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc", "product_id": "openssl-0:1.0.0-27.el6_4.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-27.el6_4.2?arch=ppc" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "product": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "product_id": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-27.el6_4.2?arch=ppc" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "product": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "product_id": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-27.el6_4.2?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "product": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "product_id": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@0.9.8e-26.el5_9.1?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.ppc64", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.ppc64", "product_id": "openssl-0:0.9.8e-26.el5_9.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "product": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "product_id": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@0.9.8e-26.el5_9.1?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "product": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "product_id": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.0-27.el6_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "product": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "product_id": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.0-27.el6_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "product": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "product_id": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.0-27.el6_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-27.el6_4.2.ppc64", "product": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64", "product_id": "openssl-0:1.0.0-27.el6_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-27.el6_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "product": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "product_id": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.0-27.el6_4.2?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "openssl-0:0.9.8e-26.el5_9.1.src", "product": { "name": "openssl-0:0.9.8e-26.el5_9.1.src", "product_id": "openssl-0:0.9.8e-26.el5_9.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@0.9.8e-26.el5_9.1?arch=src" } } }, { "category": "product_version", "name": "openssl-0:1.0.0-27.el6_4.2.src", "product": { "name": "openssl-0:1.0.0-27.el6_4.2.src", "product_id": "openssl-0:1.0.0-27.el6_4.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.0-27.el6_4.2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.i686 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.i686", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.ia64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.ppc", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.ppc64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.s390", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.s390x", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.src", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:0.9.8e-26.el5_9.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64" }, "product_reference": "openssl-0:0.9.8e-26.el5_9.1.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64" }, "product_reference": "openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386" }, "product_reference": "openssl-devel-0:0.9.8e-26.el5_9.1.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64" }, "product_reference": "openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc" }, "product_reference": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64" }, "product_reference": "openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390" }, "product_reference": "openssl-devel-0:0.9.8e-26.el5_9.1.s390", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x" }, "product_reference": "openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:0.9.8e-26.el5_9.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64" }, "product_reference": "openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386" }, "product_reference": "openssl-perl-0:0.9.8e-26.el5_9.1.i386", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64" }, "product_reference": "openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc" }, "product_reference": "openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x" }, "product_reference": "openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:0.9.8e-26.el5_9.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64" }, "product_reference": "openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "relates_to_product_reference": "5Server-5.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Client-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Server-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.src", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.i686", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-0:1.0.0-27.el6_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" }, "product_reference": "openssl-static-0:1.0.0-27.el6_4.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.4.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-4929", "discovery_date": "2012-09-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "857051" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS CRIME attack against HTTPS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4929" }, { "category": "external", "summary": "RHBZ#857051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4929", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4929" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4929", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4929" } ], "release_date": "2012-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-04T21:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0587" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS CRIME attack against HTTPS" }, { "cve": "CVE-2013-0166", "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908052" } ], "notes": [ { "category": "description", "text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: DoS due to improper handling of OCSP response verification", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0166" }, { "category": "external", "summary": "RHBZ#908052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" } ], "release_date": "2013-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-04T21:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0587" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: DoS due to improper handling of OCSP response verification" }, { "cve": "CVE-2013-0169", "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907589" } ], "notes": [ { "category": "description", "text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: CBC padding timing attack (lucky-13)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0169" }, { "category": "external", "summary": "RHBZ#907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.openssl.org/news/secadv_20130205.txt", "url": "http://www.openssl.org/news/secadv_20130205.txt" }, { "category": "external", "summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-04T21:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0587" }, { "category": "workaround", "details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS", "product_ids": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.src", "5Server-5.9.Z:openssl-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.i686", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-debuginfo-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.ppc64", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-devel-0:0.9.8e-26.el5_9.1.x86_64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.i386", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ia64", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.ppc", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.s390x", "5Server-5.9.Z:openssl-perl-0:0.9.8e-26.el5_9.1.x86_64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Client-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Client-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6ComputeNode-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6ComputeNode-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Server-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Server-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.src", "6Workstation-optional-6.4.z:openssl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-debuginfo-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-devel-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-perl-0:1.0.0-27.el6_4.2.x86_64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.i686", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.ppc64", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.s390x", "6Workstation-optional-6.4.z:openssl-static-0:1.0.0-27.el6_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: CBC padding timing attack (lucky-13)" } ] }
gsd-2013-0166
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2013-0166", "description": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "id": "GSD-2013-0166", "references": [ "https://www.suse.com/security/cve/CVE-2013-0166.html", "https://www.debian.org/security/2013/dsa-2621", "https://access.redhat.com/errata/RHSA-2013:1013", "https://access.redhat.com/errata/RHSA-2013:0833", "https://access.redhat.com/errata/RHSA-2013:0783", "https://access.redhat.com/errata/RHSA-2013:0782", "https://access.redhat.com/errata/RHSA-2013:0636", "https://access.redhat.com/errata/RHSA-2013:0587", "https://alas.aws.amazon.com/cve/html/CVE-2013-0166.html", "https://linux.oracle.com/cve/CVE-2013-0166.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2013-0166" ], "details": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "id": "GSD-2013-0166", "modified": "2023-12-13T01:22:15.328111Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "RHSA-2013:0587", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "oval:org.mitre.oval:def:19360", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "55139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55139" }, { "name": "http://www.openssl.org/news/secadv_20130204.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908052", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "HPSBUX02856", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SSRT101289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "SSRT101108", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "RHSA-2013:0833", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "53623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53623" }, { "name": "VU#737740", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02909", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "DSA-2621", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0783", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "APPLE-SA-2013-09-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "55108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0782", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "HPSBOV02852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SSRT101104", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "http://www.splunk.com/view/SP-CAAAHXG", "refsource": "CONFIRM", "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "oval:org.mitre.oval:def:19487", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:18754", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "name": "http://support.apple.com/kb/HT5880", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5880" }, { "name": "oval:org.mitre.oval:def:19081", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0", "refsource": "CONFIRM", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0166" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-310" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200", "refsource": "CONFIRM", "tags": [], "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7", "refsource": "CONFIRM", "tags": [], "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "name": "http://www.openssl.org/news/secadv_20130204.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908052", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0", "refsource": "CONFIRM", "tags": [], "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" }, { "name": "DSA-2621", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2013/dsa-2621" }, { "name": "RHSA-2013:0587", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "RHSA-2013:0783", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "name": "HPSBUX02856", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "name": "RHSA-2013:0782", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "name": "VU#737740", "refsource": "CERT-VN", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "APPLE-SA-2013-09-12-1", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "name": "http://support.apple.com/kb/HT5880", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT5880" }, { "name": "55139", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/55139" }, { "name": "55108", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/55108" }, { "name": "RHSA-2013:0833", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "name": "SSRT101289", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "name": "http://www.splunk.com/view/SP-CAAAHXG", "refsource": "CONFIRM", "tags": [], "url": "http://www.splunk.com/view/SP-CAAAHXG" }, { "name": "53623", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/53623" }, { "name": "SUSE-SU-2015:0578", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "SSRT101108", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "oval:org.mitre.oval:def:19487", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "name": "oval:org.mitre.oval:def:19360", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "name": "oval:org.mitre.oval:def:19081", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "name": "oval:org.mitre.oval:def:18754", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001", "refsource": "CONFIRM", "tags": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2018-08-09T01:29Z", "publishedDate": "2013-02-08T19:55Z" } } }
ghsa-f8qw-pqjg-gpv2
Vulnerability from github
Published
2022-05-05 02:48
Modified
2022-05-05 02:48
Details
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
{ "affected": [], "aliases": [ "CVE-2013-0166" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2013-02-08T19:55:00Z", "severity": "MODERATE" }, "details": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "id": "GHSA-f8qw-pqjg-gpv2", "modified": "2022-05-05T02:48:30Z", "published": "2022-05-05T02:48:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487" }, { "type": "WEB", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001" }, { "type": "WEB", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7" }, { "type": "WEB", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200" }, { "type": "WEB", "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/53623" }, { "type": "WEB", "url": "http://secunia.com/advisories/55108" }, { "type": "WEB", "url": "http://secunia.com/advisories/55139" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT5880" }, { "type": "WEB", "url": "http://www.debian.org/security/2013/dsa-2621" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "type": "WEB", "url": "http://www.openssl.org/news/secadv_20130204.txt" }, { "type": "WEB", "url": "http://www.splunk.com/view/SP-CAAAHXG" } ], "schema_version": "1.4.0", "severity": [] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.