Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-1559 (GCVE-0-2019-1559)
Vulnerability from cvelistv5 – Published: 2019-02-27 23:00 – Updated: 2024-09-17 04:20
VLAI?
EPSS
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Severity ?
No CVSS data available.
CWE
- Padding Oracle
Assigner
References
Impacted products
Credits
Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:27.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"datePublic": "2019-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Padding Oracle",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:01",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "107174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "0-byte record padding oracle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2019-02-26",
"ID": "CVE-2019-1559",
"STATE": "PUBLIC",
"TITLE": "0-byte record padding oracle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Padding Oracle"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"name": "https://www.openssl.org/news/secadv/20190226.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"name": "https://support.f5.com/csp/article/K18549143",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"name": "https://www.tenable.com/security/tns-2019-02",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "https://www.tenable.com/security/tns-2019-03",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2019-1559",
"datePublished": "2019-02-27T23:00:00Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T04:20:35.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.2\", \"versionEndExcluding\": \"1.0.2r\", \"matchCriteriaId\": \"1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"7.3\", \"matchCriteriaId\": \"BD075607-09B7-493E-8611-66D041FFDA62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\", \"versionStartIncluding\": \"9.5\", \"matchCriteriaId\": \"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E878102-1EA0-4D83-9F36-955DCF902211\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62347994-1353-497C-9C4A-D5D8D95F67E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85DF4B3F-4BBC-42B7-B729-096934523D63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3C19813-E823-456A-B1CE-EC0684CE1953\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"893C0367-DD1A-4754-B9E0-4944344108EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C18CA4B5-28FD-4199-B1F0-B1E59E920370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*\", \"matchCriteriaId\": \"EB2FB857-5F1F-46E5-A90C-AFB990BF1660\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A4D418D-B526-46B9-B439-E1963BF88C0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E968916-8CE0-4165-851F-14E37ECEA948\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"361B791A-D336-4431-8F68-8135BEFFAEA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"146A767F-DC04-454B-9913-17D3A2B5AAA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*\", \"matchCriteriaId\": \"61D7EF01-F618-497F-9375-8003CEA3D380\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F74F467A-0C81-40D9-BA06-40FB8EF02C04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B7A6697-98CC-4E36-93DB-B7160F8399F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndIncluding\": \"9.0.4\", \"matchCriteriaId\": \"D239B58A-9386-443D-B579-B56AE2A500BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD7447BC-F315-4298-A822-549942FC118B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"6C3B5688-0235-4D4F-A26C-440FF24A1B43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"706316DC-8C24-4D9E-B7B4-F62CB52106B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"151ED6D1-AA85-4213-8F3A-8167CBEC4721\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"BFA83D61-1A50-47F5-B9BE-15D672A6DDAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"925049D0-082E-4CED-9996-A55620A220CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"830028B5-9BAF-439C-8166-1053C0CB9836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"5D5AA99B-08E7-4959-A3B4-41AA527B4B22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"22C64069-68D1-445F-B20D-FD1FF8DB0F71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"6D87C038-B96D-4EA8-AB03-0401B2C9BB24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"01BC2A57-030F-4A13-B584-BE2627EA3FE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"9DC86A5F-C793-4848-901F-04BFB57A07F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"037C035C-9CFC-4224-8264-6132252D11FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"FD91F1A1-67F5-4547-848B-21664A9CC685\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"2E5552A3-91CD-4B97-AD33-4F1FB4C8827A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"A7E616EB-F2F9-43BF-A23D-8FD0650DA85B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"10367A28-787A-4FAB-80AD-ADD67A751732\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"55C2EC23-E78F-4447-BACF-21FC36ABF155\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"180D2770-61F3-4CFB-B5FA-1CF1796D4B3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"46712630-407A-4E61-B62F-3AB156353A1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"21E18EA5-2210-41B1-87B0-55AB16514FE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"EFFCCCFF-8B66-4C8B-A99A-32964855EF98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"5D0BD10F-735D-4442-828B-0B90207ABEAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"448BB033-AE0F-46A0-8E98-3A6AE36EADAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"CC06609D-C362-4214-8487-2278161B5EAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"945A19E8-51EB-42FE-9BF1-12DAC78B5286\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"2008DD47-CC1D-430F-8478-E90617F5F998\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"DC39F6EE-478A-4638-B97D-3C25FD318F3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"317C50A2-FE92-4C78-A94A-062274E6A6A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"EB5007D0-BBDB-4D74-9C88-98FBA74757D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"389B6330-3041-4892-97D5-B5A6D9CE1487\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"5C556587-6963-49CF-8A2B-00431B386D78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"D748001D-340C-45C4-A2D0-0575538C5CEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"B7725810-66D2-4460-A174-9F3BFAD966F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"D7854954-A9A4-487B-B6C7-8DC1F83F4BD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"572B1078-60C4-4A71-A0F4-2E2F4FBC4102\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"0371EB7C-3D41-4B8C-8FA9-DC6F42442448\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"EFD760FE-4347-4D36-B5C6-4009398060F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"FB7588DA-75D3-4374-8871-D92E95509C91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"C95403E8-A078-47E8-9B2F-F572D24C79EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"9C1BC0A8-5868-4FCA-80A5-661C3870EB7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"65B76F53-7D8B-477E-8B6E-91AC0A9009FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"0585424E-3F74-400E-8199-ED964317F89F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.5\", \"matchCriteriaId\": \"69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0.0\", \"versionEndIncluding\": \"13.1.3\", \"matchCriteriaId\": \"7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndIncluding\": \"14.1.2\", \"matchCriteriaId\": \"F2ADF37B-FCEB-4735-82D9-4241E3A4DE64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndIncluding\": \"15.1.0\", \"matchCriteriaId\": \"D7722F39-9B7E-4267-B757-B9570B039323\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.1.0\", \"matchCriteriaId\": \"F37D18F2-8C6A-4557-85DC-2A751595423C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.1.0\", \"matchCriteriaId\": \"C88B0206-093A-4A18-8322-A1CD1D4ACF2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndIncluding\": \"5.1.0\", \"matchCriteriaId\": \"4E52F91D-3F39-4D89-8069-EC422FB1F700\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.2.3\", \"matchCriteriaId\": \"427DA624-2397-4A61-A2ED-23F5C22C174E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB30733E-68FC-49C4-86C0-7FEE75C366BF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6361DAC6-600F-4B15-8797-D67F298F46FB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ADE5E80-06D3-4A1B-A655-FBB6CCA03939\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75A43965-CB2E-4C28-AFC3-1ADE7A6B845C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F2D2745-242C-4603-899E-70C9025BDDD2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFB4541D-5EF7-4266-BFF3-2DDEC95E8012\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7FD1DA9-7980-4643-B378-7095892DA176\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"347E9E3E-941C-4109-B59F-B9BB05486B34\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD661062-0D5B-4671-9D92-FEF8D7395C1E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B36CECA5-4545-49C2-92EB-B739407B207F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8E7549A-DE35-4274-B3F6-22D51C7A6613\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.6.0\", \"versionEndIncluding\": \"5.6.4\", \"matchCriteriaId\": \"CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndExcluding\": \"6.0.0\", \"matchCriteriaId\": \"02630E85-191E-4C58-B81B-4DAF93A26856\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"3.0.0\", \"matchCriteriaId\": \"65D5476E-FBF9-474B-87E1-B6459E52736C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"9.0.0\", \"matchCriteriaId\": \"DDD5E877-978C-4A16-B6C5-41A30D020B54\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F04157-FB34-4F22-B328-6BE1F2373DEE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5553591-073B-45E3-999F-21B8BA2EEE22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"523CD57C-43D4-4C79-BA00-A9A65C6588E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"77C3DD16-1D81-40E1-B312-50FBD275507C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"81DAC8C0-D342-44B5-9432-6B88D389584F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4534CF9-D9FD-4936-9D8C-077387028A05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D60384BD-284C-4A68-9EEF-0FAFDF0C21F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8EDA23C-7F75-4712-AF3F-B0E3597810B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D139E52-0528-4D05-8502-1AB9AB10CA9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D4AF039-F3B6-45EB-A87E-8BCCF822AE23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C05190B9-237F-4E2E-91EA-DB1B738864AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B59717B5-34D5-4C83-904A-884ED30DFC19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E28B437-64A8-456C-98A1-4ADF5B6A2F60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D705705-0D0D-468B-A140-C9A1B7A6CE6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07BB35D4-9CCD-43D3-B482-E0BEB3BF2351\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB468FEE-A0F4-49A0-BBEE-10D0733C87D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB290045-2140-47EE-9BB4-35BAE8F1599C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98F3E643-4B65-4668-BB11-C61ED54D5A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDCE0E90-495E-4437-8529-3C36441FB69D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37209C6F-EF99-4D21-9608-B3A06D283D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83800E2F-804C-485D-A8FA-F4B32CDB4548\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60BEB1C6-C279-4BB0-972C-BE28A6605C09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B1CAD50-749F-4ADB-A046-BF3585677A58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.6.0\", \"versionEndIncluding\": \"5.6.43\", \"matchCriteriaId\": \"C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.7.0\", \"versionEndIncluding\": \"5.7.25\", \"matchCriteriaId\": \"CA988288-7D0C-4ADE-BE61-484D2D555A8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.15\", \"matchCriteriaId\": \"0E106D13-CBF8-4A2C-8E89-A66C6EF5D408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.0.8\", \"matchCriteriaId\": \"DFBC7A65-3C0B-4B17-B087-250E69EE5B12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.14\", \"matchCriteriaId\": \"A443D73A-63BE-4D1F-B605-0F7D20915518\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.0.16\", \"matchCriteriaId\": \"71CD99E7-3FE7-42E2-B480-7AA0E543340E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E416B-920B-49A0-9523-382898C2979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5265C91-FF5C-4451-A7C2-D388A65ACFA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62DAD71E-A6D5-4CA9-A016-100F2D5114A6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.1.0\", \"versionEndExcluding\": \"7.1.15\", \"matchCriteriaId\": \"F457852F-D998-4BCF-99FE-09C6DFC8851A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.0.20\", \"matchCriteriaId\": \"ACA311D7-0ADC-497A-8A47-5AB864F201DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.1.0\", \"versionEndExcluding\": \"8.1.8\", \"matchCriteriaId\": \"0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.0.2\", \"matchCriteriaId\": \"AD1987BB-8F42-48F0-8FE2-70ABD689F434\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.8.1\", \"matchCriteriaId\": \"D107EC29-67E7-40C3-8E5A-324C9105C5E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"6.9.0\", \"versionEndExcluding\": \"6.17.0\", \"matchCriteriaId\": \"FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.8.1\", \"matchCriteriaId\": \"74FB695D-2C76-47AB-988E-5629D2E695E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"8.9.0\", \"versionEndExcluding\": \"8.15.1\", \"matchCriteriaId\": \"A94F4836-1873-43F4-916E-9D9B302A053A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \\\"non-stitched\\\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).\"}, {\"lang\": \"es\", \"value\": \"Si una aplicaci\\u00f3n encuentra un error de protocolo \\\"fatal\\\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \\u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\\u00e1lido.\"}]",
"id": "CVE-2019-1559",
"lastModified": "2024-11-21T04:36:48.960",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-02-27T23:29:00.277",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107174\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2304\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2437\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2439\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2471\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3929\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3931\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201903-10\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190301-0001/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190301-0002/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190423-0002/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K18549143\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://usn.ubuntu.com/3899-1/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4376-2/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4400\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20190226.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-02\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-03\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107174\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2304\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2437\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2439\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2471\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3931\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201903-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190301-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190301-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190423-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K18549143\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3899-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4376-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4400\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20190226.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-1559\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2019-02-27T23:29:00.277\",\"lastModified\":\"2024-11-21T04:36:48.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \\\"non-stitched\\\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).\"},{\"lang\":\"es\",\"value\":\"Si una aplicaci\u00f3n encuentra un error de protocolo \\\"fatal\\\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\u00e1lido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2\",\"versionEndExcluding\":\"1.0.2r\",\"matchCriteriaId\":\"1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"7.3\",\"matchCriteriaId\":\"BD075607-09B7-493E-8611-66D041FFDA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"9.5\",\"matchCriteriaId\":\"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E878102-1EA0-4D83-9F36-955DCF902211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62347994-1353-497C-9C4A-D5D8D95F67E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DF4B3F-4BBC-42B7-B729-096934523D63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"893C0367-DD1A-4754-B9E0-4944344108EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C18CA4B5-28FD-4199-B1F0-B1E59E920370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*\",\"matchCriteriaId\":\"EB2FB857-5F1F-46E5-A90C-AFB990BF1660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A4D418D-B526-46B9-B439-E1963BF88C0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E968916-8CE0-4165-851F-14E37ECEA948\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"361B791A-D336-4431-8F68-8135BEFFAEA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"146A767F-DC04-454B-9913-17D3A2B5AAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*\",\"matchCriteriaId\":\"61D7EF01-F618-497F-9375-8003CEA3D380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74F467A-0C81-40D9-BA06-40FB8EF02C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7A6697-98CC-4E36-93DB-B7160F8399F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.0.4\",\"matchCriteriaId\":\"D239B58A-9386-443D-B579-B56AE2A500BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"6C3B5688-0235-4D4F-A26C-440FF24A1B43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"706316DC-8C24-4D9E-B7B4-F62CB52106B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"151ED6D1-AA85-4213-8F3A-8167CBEC4721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"BFA83D61-1A50-47F5-B9BE-15D672A6DDAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"925049D0-082E-4CED-9996-A55620A220CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"830028B5-9BAF-439C-8166-1053C0CB9836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"5D5AA99B-08E7-4959-A3B4-41AA527B4B22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"22C64069-68D1-445F-B20D-FD1FF8DB0F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"6D87C038-B96D-4EA8-AB03-0401B2C9BB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"01BC2A57-030F-4A13-B584-BE2627EA3FE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"9DC86A5F-C793-4848-901F-04BFB57A07F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"037C035C-9CFC-4224-8264-6132252D11FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"FD91F1A1-67F5-4547-848B-21664A9CC685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"2E5552A3-91CD-4B97-AD33-4F1FB4C8827A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"A7E616EB-F2F9-43BF-A23D-8FD0650DA85B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"10367A28-787A-4FAB-80AD-ADD67A751732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"55C2EC23-E78F-4447-BACF-21FC36ABF155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"180D2770-61F3-4CFB-B5FA-1CF1796D4B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"46712630-407A-4E61-B62F-3AB156353A1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"21E18EA5-2210-41B1-87B0-55AB16514FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"EFFCCCFF-8B66-4C8B-A99A-32964855EF98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"5D0BD10F-735D-4442-828B-0B90207ABEAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"448BB033-AE0F-46A0-8E98-3A6AE36EADAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"CC06609D-C362-4214-8487-2278161B5EAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"945A19E8-51EB-42FE-9BF1-12DAC78B5286\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"2008DD47-CC1D-430F-8478-E90617F5F998\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"DC39F6EE-478A-4638-B97D-3C25FD318F3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"317C50A2-FE92-4C78-A94A-062274E6A6A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"EB5007D0-BBDB-4D74-9C88-98FBA74757D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"389B6330-3041-4892-97D5-B5A6D9CE1487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"5C556587-6963-49CF-8A2B-00431B386D78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"D748001D-340C-45C4-A2D0-0575538C5CEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"B7725810-66D2-4460-A174-9F3BFAD966F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"D7854954-A9A4-487B-B6C7-8DC1F83F4BD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"572B1078-60C4-4A71-A0F4-2E2F4FBC4102\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"0371EB7C-3D41-4B8C-8FA9-DC6F42442448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"EFD760FE-4347-4D36-B5C6-4009398060F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"FB7588DA-75D3-4374-8871-D92E95509C91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"C95403E8-A078-47E8-9B2F-F572D24C79EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"9C1BC0A8-5868-4FCA-80A5-661C3870EB7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"65B76F53-7D8B-477E-8B6E-91AC0A9009FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"0585424E-3F74-400E-8199-ED964317F89F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.5\",\"matchCriteriaId\":\"69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"F2ADF37B-FCEB-4735-82D9-4241E3A4DE64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.1.0\",\"matchCriteriaId\":\"D7722F39-9B7E-4267-B757-B9570B039323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.1.0\",\"matchCriteriaId\":\"F37D18F2-8C6A-4557-85DC-2A751595423C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.1.0\",\"matchCriteriaId\":\"C88B0206-093A-4A18-8322-A1CD1D4ACF2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.1.0\",\"matchCriteriaId\":\"4E52F91D-3F39-4D89-8069-EC422FB1F700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.2.3\",\"matchCriteriaId\":\"427DA624-2397-4A61-A2ED-23F5C22C174E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB30733E-68FC-49C4-86C0-7FEE75C366BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6361DAC6-600F-4B15-8797-D67F298F46FB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ADE5E80-06D3-4A1B-A655-FBB6CCA03939\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75A43965-CB2E-4C28-AFC3-1ADE7A6B845C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F2D2745-242C-4603-899E-70C9025BDDD2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB4541D-5EF7-4266-BFF3-2DDEC95E8012\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7FD1DA9-7980-4643-B378-7095892DA176\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"347E9E3E-941C-4109-B59F-B9BB05486B34\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD661062-0D5B-4671-9D92-FEF8D7395C1E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B36CECA5-4545-49C2-92EB-B739407B207F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8E7549A-DE35-4274-B3F6-22D51C7A6613\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6.0\",\"versionEndIncluding\":\"5.6.4\",\"matchCriteriaId\":\"CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"02630E85-191E-4C58-B81B-4DAF93A26856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"3.0.0\",\"matchCriteriaId\":\"65D5476E-FBF9-474B-87E1-B6459E52736C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"9.0.0\",\"matchCriteriaId\":\"DDD5E877-978C-4A16-B6C5-41A30D020B54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F04157-FB34-4F22-B328-6BE1F2373DEE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"523CD57C-43D4-4C79-BA00-A9A65C6588E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"77C3DD16-1D81-40E1-B312-50FBD275507C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"81DAC8C0-D342-44B5-9432-6B88D389584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4534CF9-D9FD-4936-9D8C-077387028A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D60384BD-284C-4A68-9EEF-0FAFDF0C21F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8EDA23C-7F75-4712-AF3F-B0E3597810B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D139E52-0528-4D05-8502-1AB9AB10CA9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D4AF039-F3B6-45EB-A87E-8BCCF822AE23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C05190B9-237F-4E2E-91EA-DB1B738864AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B59717B5-34D5-4C83-904A-884ED30DFC19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E28B437-64A8-456C-98A1-4ADF5B6A2F60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D705705-0D0D-468B-A140-C9A1B7A6CE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07BB35D4-9CCD-43D3-B482-E0BEB3BF2351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB468FEE-A0F4-49A0-BBEE-10D0733C87D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB290045-2140-47EE-9BB4-35BAE8F1599C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCE0E90-495E-4437-8529-3C36441FB69D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37209C6F-EF99-4D21-9608-B3A06D283D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83800E2F-804C-485D-A8FA-F4B32CDB4548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BEB1C6-C279-4BB0-972C-BE28A6605C09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B1CAD50-749F-4ADB-A046-BF3585677A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6.0\",\"versionEndIncluding\":\"5.6.43\",\"matchCriteriaId\":\"C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7.0\",\"versionEndIncluding\":\"5.7.25\",\"matchCriteriaId\":\"CA988288-7D0C-4ADE-BE61-484D2D555A8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.15\",\"matchCriteriaId\":\"0E106D13-CBF8-4A2C-8E89-A66C6EF5D408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.8\",\"matchCriteriaId\":\"DFBC7A65-3C0B-4B17-B087-250E69EE5B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.14\",\"matchCriteriaId\":\"A443D73A-63BE-4D1F-B605-0F7D20915518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.16\",\"matchCriteriaId\":\"71CD99E7-3FE7-42E2-B480-7AA0E543340E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5265C91-FF5C-4451-A7C2-D388A65ACFA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62DAD71E-A6D5-4CA9-A016-100F2D5114A6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.1.15\",\"matchCriteriaId\":\"F457852F-D998-4BCF-99FE-09C6DFC8851A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.20\",\"matchCriteriaId\":\"ACA311D7-0ADC-497A-8A47-5AB864F201DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.8\",\"matchCriteriaId\":\"0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.2\",\"matchCriteriaId\":\"AD1987BB-8F42-48F0-8FE2-70ABD689F434\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.8.1\",\"matchCriteriaId\":\"D107EC29-67E7-40C3-8E5A-324C9105C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"6.9.0\",\"versionEndExcluding\":\"6.17.0\",\"matchCriteriaId\":\"FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.8.1\",\"matchCriteriaId\":\"74FB695D-2C76-47AB-988E-5629D2E695E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.15.1\",\"matchCriteriaId\":\"A94F4836-1873-43F4-916E-9D9B302A053A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107174\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2304\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2437\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2439\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2471\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3929\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3931\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.gentoo.org/glsa/201903-10\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190301-0001/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190301-0002/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190423-0002/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K18549143\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://usn.ubuntu.com/3899-1/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4376-2/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4400\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20190226.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-02\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-03\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107174\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2304\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201903-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190301-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190301-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190423-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K18549143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3899-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4376-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20190226.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-177
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Virtualization | Oracle Secure Global Desktop version 5.4 | ||
| Oracle | Virtualization | Oracle VM VirtualBox versions antérieures à 5.2.28 et 6.0.6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Secure Global Desktop version 5.4",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 5.2.28 et 6.0.6",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2703",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2703"
},
{
"name": "CVE-2019-2721",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2721"
},
{
"name": "CVE-2019-2574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2574"
},
{
"name": "CVE-2019-2680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2680"
},
{
"name": "CVE-2019-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2656"
},
{
"name": "CVE-2019-2657",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2657"
},
{
"name": "CVE-2018-11784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
},
{
"name": "CVE-2019-2678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2678"
},
{
"name": "CVE-2019-2679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2679"
},
{
"name": "CVE-2019-2722",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2722"
},
{
"name": "CVE-2019-2723",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2723"
},
{
"name": "CVE-2019-3822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3822"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2690"
},
{
"name": "CVE-2019-2696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2696"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#OVIR"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
CERTFR-2019-AVI-132
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus 8.2.3 et versions ant\u00e9rieures",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-132",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2019-02 du 26 mars 2019",
"url": "https://www.tenable.com/security/tns-2019-02"
}
]
}
CERTFR-2019-AVI-080
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans OpenSSL. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions 1.0.2x ant\u00e9rieures \u00e0 1.0.2r",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-080",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans OpenSSL. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans OpenSSL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 26 f\u00e9vrier 2019",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-175
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | Oracle MySQL Enterprise Monitor versions antérieures à 4.0.8 et 8.0.14 | ||
| Oracle | MySQL | Oracle MySQL Connectors versions antérieures à 5.3.12 et 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Server versions antérieures à 5.6.43, 5.7.25, 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Enterprise Backup versions antérieures à 3.12.3 et 4.1.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL Enterprise Monitor versions ant\u00e9rieures \u00e0 4.0.8 et 8.0.14",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Connectors versions ant\u00e9rieures \u00e0 5.3.12 et 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Server versions ant\u00e9rieures \u00e0 5.6.43, 5.7.25, 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Enterprise Backup versions ant\u00e9rieures \u00e0 3.12.3 et 4.1.2",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
},
{
"name": "CVE-2019-2628",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2628"
},
{
"name": "CVE-2019-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
},
{
"name": "CVE-2019-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
},
{
"name": "CVE-2019-2630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
},
{
"name": "CVE-2019-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
},
{
"name": "CVE-2019-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2581"
},
{
"name": "CVE-2019-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
},
{
"name": "CVE-2019-2632",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2632"
},
{
"name": "CVE-2019-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2566"
},
{
"name": "CVE-2019-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
},
{
"name": "CVE-2018-3123",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3123"
},
{
"name": "CVE-2019-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
},
{
"name": "CVE-2019-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
},
{
"name": "CVE-2019-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2019-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2627"
},
{
"name": "CVE-2019-2631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
},
{
"name": "CVE-2019-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
},
{
"name": "CVE-2019-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
},
{
"name": "CVE-2019-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
},
{
"name": "CVE-2019-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
},
{
"name": "CVE-2019-2683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2683"
},
{
"name": "CVE-2019-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
},
{
"name": "CVE-2019-2592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2592"
},
{
"name": "CVE-2019-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
},
{
"name": "CVE-2019-2644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
},
{
"name": "CVE-2019-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
},
{
"name": "CVE-2019-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
},
{
"name": "CVE-2019-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
},
{
"name": "CVE-2019-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2692"
},
{
"name": "CVE-2019-2614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2614"
},
{
"name": "CVE-2019-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
},
{
"name": "CVE-2019-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
},
{
"name": "CVE-2019-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
},
{
"name": "CVE-2019-2688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
},
{
"name": "CVE-2019-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
},
{
"name": "CVE-2019-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
},
{
"name": "CVE-2019-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
},
{
"name": "CVE-2019-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
},
{
"name": "CVE-2019-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-175",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
CERTFR-2019-AVI-325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Junos Space versions antérieures à 19.2R1 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics (JSA) versions antérieures à 7.3.2 Patch 1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur séries EX4300 | ||
| Juniper Networks | N/A | Junos OS avec J-Web activé versions antérieures à 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 19.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics (JSA) versions ant\u00e9rieures \u00e0 7.3.2 Patch 1",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur s\u00e9ries EX4300",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2019-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0049"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2018-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15505"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2019-0048",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0048"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2019-0053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0053"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2019-5739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5739"
},
{
"name": "CVE-2019-0052",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0052"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2019-0046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0046"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-11237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2018-15504",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15504"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2018-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1729"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10938 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10938\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10946 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10946\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10942 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10942\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10949 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10949\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10943 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10943\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10951 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10951\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10950 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10950\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10948 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10948\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10947 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10947\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2021-AVI-912
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM Qradar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM 7.4.x versions ant\u00e9rieures \u00e0 7.4.3 Fix Pack 4",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM 7.3.x versions ant\u00e9rieures \u00e0 7.3.3 Fix Pack 10",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-32027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2018-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8029"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2018-11768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11768"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2020-13954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13954"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2021-32028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2020-7226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7226"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2017-15713",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15713"
},
{
"name": "CVE-2017-15804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15804"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-912",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-01T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021.",
"revision_date": "2021-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Qradar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Qradar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520480 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520480"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520472 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520472"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520674"
}
]
}
CERTFR-2019-AVI-341
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 5.7.26 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.9 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.16 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.44 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.14 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.16 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 5.7.26 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.9 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.16 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.44 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.14 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.16 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
},
{
"name": "CVE-2019-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
},
{
"name": "CVE-2019-2730",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2730"
},
{
"name": "CVE-2019-2740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
},
{
"name": "CVE-2019-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
},
{
"name": "CVE-2019-2811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
},
{
"name": "CVE-2019-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
},
{
"name": "CVE-2019-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
},
{
"name": "CVE-2019-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
},
{
"name": "CVE-2019-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
},
{
"name": "CVE-2019-2743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
},
{
"name": "CVE-2019-2737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
},
{
"name": "CVE-2019-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
},
{
"name": "CVE-2019-2746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
},
{
"name": "CVE-2019-2826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
},
{
"name": "CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"name": "CVE-2019-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
},
{
"name": "CVE-2019-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2731"
},
{
"name": "CVE-2019-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
},
{
"name": "CVE-2019-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2800"
},
{
"name": "CVE-2019-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
},
{
"name": "CVE-2019-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
},
{
"name": "CVE-2019-2789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
},
{
"name": "CVE-2019-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
},
{
"name": "CVE-2019-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
},
{
"name": "CVE-2019-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
},
{
"name": "CVE-2019-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
},
{
"name": "CVE-2019-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
},
{
"name": "CVE-2019-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
},
{
"name": "CVE-2019-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2755"
},
{
"name": "CVE-2019-2822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
},
{
"name": "CVE-2019-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
},
{
"name": "CVE-2019-2747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
},
{
"name": "CVE-2019-3822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3822"
},
{
"name": "CVE-2019-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
},
{
"name": "CVE-2019-2815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
},
{
"name": "CVE-2019-2738",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
},
{
"name": "CVE-2019-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
},
{
"name": "CVE-2019-2741",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
},
{
"name": "CVE-2019-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
},
{
"name": "CVE-2019-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
},
{
"name": "CVE-2019-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
},
{
"name": "CVE-2019-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-341",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019verbose-5072838 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#MSQL"
}
]
}
CERTFR-2020-AVI-015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à R1912 | ||
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions antérieures à 8.4.1R19 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 19.4R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2019-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
},
{
"name": "CVE-2020-1611",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
},
{
"name": "CVE-2018-1336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2018-5743",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
},
{
"name": "CVE-2014-2310",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2020-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
},
{
"name": "CVE-2007-5846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2020-1608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
},
{
"name": "CVE-2020-1602",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2017-17805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
},
{
"name": "CVE-2018-17972",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
},
{
"name": "CVE-2008-6123",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
},
{
"name": "CVE-2020-1601",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
},
{
"name": "CVE-2017-2595",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
},
{
"name": "CVE-2016-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2017-12174",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2020-1607",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2019-14835",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2019-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
},
{
"name": "CVE-2020-1604",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
},
{
"name": "CVE-2016-7055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2020-1603",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
},
{
"name": "CVE-2008-4309",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2014-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
},
{
"name": "CVE-2020-1609",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
},
{
"name": "CVE-2020-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
},
{
"name": "CVE-2020-1600",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-175
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | Oracle MySQL Enterprise Monitor versions antérieures à 4.0.8 et 8.0.14 | ||
| Oracle | MySQL | Oracle MySQL Connectors versions antérieures à 5.3.12 et 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Server versions antérieures à 5.6.43, 5.7.25, 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Enterprise Backup versions antérieures à 3.12.3 et 4.1.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL Enterprise Monitor versions ant\u00e9rieures \u00e0 4.0.8 et 8.0.14",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Connectors versions ant\u00e9rieures \u00e0 5.3.12 et 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Server versions ant\u00e9rieures \u00e0 5.6.43, 5.7.25, 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Enterprise Backup versions ant\u00e9rieures \u00e0 3.12.3 et 4.1.2",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
},
{
"name": "CVE-2019-2628",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2628"
},
{
"name": "CVE-2019-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
},
{
"name": "CVE-2019-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
},
{
"name": "CVE-2019-2630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
},
{
"name": "CVE-2019-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
},
{
"name": "CVE-2019-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2581"
},
{
"name": "CVE-2019-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
},
{
"name": "CVE-2019-2632",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2632"
},
{
"name": "CVE-2019-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2566"
},
{
"name": "CVE-2019-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
},
{
"name": "CVE-2018-3123",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3123"
},
{
"name": "CVE-2019-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
},
{
"name": "CVE-2019-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
},
{
"name": "CVE-2019-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2019-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2627"
},
{
"name": "CVE-2019-2631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
},
{
"name": "CVE-2019-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
},
{
"name": "CVE-2019-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
},
{
"name": "CVE-2019-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
},
{
"name": "CVE-2019-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
},
{
"name": "CVE-2019-2683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2683"
},
{
"name": "CVE-2019-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
},
{
"name": "CVE-2019-2592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2592"
},
{
"name": "CVE-2019-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
},
{
"name": "CVE-2019-2644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
},
{
"name": "CVE-2019-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
},
{
"name": "CVE-2019-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
},
{
"name": "CVE-2019-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
},
{
"name": "CVE-2019-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2692"
},
{
"name": "CVE-2019-2614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2614"
},
{
"name": "CVE-2019-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
},
{
"name": "CVE-2019-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
},
{
"name": "CVE-2019-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
},
{
"name": "CVE-2019-2688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
},
{
"name": "CVE-2019-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
},
{
"name": "CVE-2019-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
},
{
"name": "CVE-2019-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
},
{
"name": "CVE-2019-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
},
{
"name": "CVE-2019-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-175",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
CERTFR-2019-AVI-341
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 5.7.26 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.9 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.16 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.44 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.14 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.16 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 5.7.26 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.9 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.16 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.44 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.14 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.16 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
},
{
"name": "CVE-2019-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
},
{
"name": "CVE-2019-2730",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2730"
},
{
"name": "CVE-2019-2740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
},
{
"name": "CVE-2019-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
},
{
"name": "CVE-2019-2811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
},
{
"name": "CVE-2019-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
},
{
"name": "CVE-2019-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
},
{
"name": "CVE-2019-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
},
{
"name": "CVE-2019-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
},
{
"name": "CVE-2019-2743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
},
{
"name": "CVE-2019-2737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
},
{
"name": "CVE-2019-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
},
{
"name": "CVE-2019-2746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
},
{
"name": "CVE-2019-2826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
},
{
"name": "CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"name": "CVE-2019-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
},
{
"name": "CVE-2019-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2731"
},
{
"name": "CVE-2019-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
},
{
"name": "CVE-2019-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2800"
},
{
"name": "CVE-2019-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
},
{
"name": "CVE-2019-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
},
{
"name": "CVE-2019-2789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
},
{
"name": "CVE-2019-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
},
{
"name": "CVE-2019-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
},
{
"name": "CVE-2019-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
},
{
"name": "CVE-2019-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
},
{
"name": "CVE-2019-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
},
{
"name": "CVE-2019-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
},
{
"name": "CVE-2019-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2755"
},
{
"name": "CVE-2019-2822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
},
{
"name": "CVE-2019-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
},
{
"name": "CVE-2019-2747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
},
{
"name": "CVE-2019-3822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3822"
},
{
"name": "CVE-2019-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
},
{
"name": "CVE-2019-2815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
},
{
"name": "CVE-2019-2738",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
},
{
"name": "CVE-2019-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
},
{
"name": "CVE-2019-2741",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
},
{
"name": "CVE-2019-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
},
{
"name": "CVE-2019-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
},
{
"name": "CVE-2019-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
},
{
"name": "CVE-2019-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-341",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019verbose-5072838 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#MSQL"
}
]
}
CERTFR-2019-AVI-214
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Tenable Nessus Agent. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Agent | Nessus Agent versions antérieures à 7.4.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Agent versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "Nessus Agent",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Tenable Nessus Agent. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Tenable Nessus Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2019-03 du 14 mai 2019",
"url": "https://www.tenable.com/security/tns-2019-03"
}
]
}
CERTFR-2021-AVI-912
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM Qradar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM 7.4.x versions ant\u00e9rieures \u00e0 7.4.3 Fix Pack 4",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM 7.3.x versions ant\u00e9rieures \u00e0 7.3.3 Fix Pack 10",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-32027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2018-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8029"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2018-11768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11768"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2020-13954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13954"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2021-32028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2020-7226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7226"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2017-15713",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15713"
},
{
"name": "CVE-2017-15804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15804"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-912",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-01T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021.",
"revision_date": "2021-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Qradar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Qradar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520480 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520480"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520472 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520472"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520674"
}
]
}
CERTFR-2019-AVI-132
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus 8.2.3 et versions ant\u00e9rieures",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-132",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2019-02 du 26 mars 2019",
"url": "https://www.tenable.com/security/tns-2019-02"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-453
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar Packet Capture. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Security QRadar Packet Capture versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 6",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security QRadar Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.2 GA",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-5739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5739"
},
{
"name": "CVE-2019-5737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5737"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM \u00e9 du 17 septembre 2019",
"url": "https://www.ibm.com/support/pages/security-bulletin-nodejs-used-ibm-qradar-packet-capture-vulnerable-following-cves-cve-2019-1559-cve-2019-5737-cve-2019-5739"
}
],
"reference": "CERTFR-2019-AVI-453",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar Packet\nCapture. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar Packet Capture",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 17 septembre 2019",
"url": null
}
]
}
CERTFR-2019-AVI-599
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Security QRadar Packet Capture versions ant\u00e9rieures \u00e0 7.3.2 Patch 2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2017-17805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
},
{
"name": "CVE-2018-17972",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2019-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-599",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 1116357 du 27 novembre 2019",
"url": "https://www.ibm.com/support/pages/node/1116357"
}
]
}
CERTFR-2021-AVI-952
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données. IBM note que CentOS 6 est en fin de vie. L'éditeur préconise des actions à envisager pour corriger des défauts de sécurité connus. Lien : http://ibm.biz/qradarcentos6
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.0 à 7.4.3 FP 4 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.0 à 7.3.3 FP 10 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.4.0 \u00e0 7.4.3 FP 4",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.0 \u00e0 7.3.3 FP 10",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2017-15804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15804"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-952",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es. IBM note que CentOS 6 est en\nfin de vie. L\u0027\u00e9diteur pr\u00e9conise des actions \u00e0 envisager pour corriger\ndes d\u00e9fauts de s\u00e9curit\u00e9 connus. Lien : \u003chttp://ibm.biz/qradarcentos6\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520674 du 14 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520674"
}
]
}
CERTFR-2020-AVI-198
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved | Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO | ||
| Owncloud | Core | JATP-OS All-In-One et JATP-OS Core versions antérieures à 5.0.6.0 | ||
| N/A | N/A | Série NFX250 versions antérieures à 19.2R1 | ||
| N/A | N/A | JSA versions antérieures à 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "JATP-OS All-In-One et JATP-OS Core versions ant\u00e9rieures \u00e0 5.0.6.0",
"product": {
"name": "Core",
"vendor": {
"name": "Owncloud",
"scada": false
}
}
},
{
"description": "S\u00e9rie NFX250 versions ant\u00e9rieures \u00e0 19.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JSA versions ant\u00e9rieures \u00e0 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-4556",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4556"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2020-1621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1621"
},
{
"name": "CVE-2019-4509",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4509"
},
{
"name": "CVE-2019-4454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4454"
},
{
"name": "CVE-2019-10173",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10173"
},
{
"name": "CVE-2020-1626",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1626"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2020-1627",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1627"
},
{
"name": "CVE-2020-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1620"
},
{
"name": "CVE-2019-4581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4581"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2018-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
},
{
"name": "CVE-2018-1139",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1139"
},
{
"name": "CVE-2020-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1615"
},
{
"name": "CVE-2018-11784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
},
{
"name": "CVE-2016-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1285"
},
{
"name": "CVE-2020-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1616"
},
{
"name": "CVE-2020-1618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1618"
},
{
"name": "CVE-2018-10858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10858"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-4470",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4470"
},
{
"name": "CVE-2013-7285",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7285"
},
{
"name": "CVE-2020-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1632"
},
{
"name": "CVE-2020-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1622"
},
{
"name": "CVE-2020-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1634"
},
{
"name": "CVE-2018-6916",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6916"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2020-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1623"
},
{
"name": "CVE-2018-11237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
},
{
"name": "CVE-2020-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1619"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2019-0071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0071"
},
{
"name": "CVE-2020-1629",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1629"
},
{
"name": "CVE-2020-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1624"
},
{
"name": "CVE-2020-1625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1625"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2020-1630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1630"
},
{
"name": "CVE-2016-1286",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1286"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4559"
},
{
"name": "CVE-2020-1613",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1613"
},
{
"name": "CVE-2020-1617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1617"
},
{
"name": "CVE-2020-1614",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1614"
},
{
"name": "CVE-2020-1628",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1628"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-198",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11004 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11004\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10997 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10997\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11002 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11002\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10994 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10994\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11003 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11003\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10998 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10998\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11010 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11010\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11013 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11013\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11009 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11009\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11016 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11016\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10999 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10999\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11014 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11014\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11006 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11006\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11008 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11008\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11005 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11005\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11001 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11001\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10996 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10996\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11007 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11007\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11000 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11000\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2020-AVI-691
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper JIMS versions ant\u00e9rieures \u00e0 1.2.1 et 1.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper SBR Carrier tout versions ant\u00e9rieures \u00e0 8.5.0-R17",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Contrail Networking versions ant\u00e9rieures \u00e0 R2008",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper SBR Carrier 8.6 versions ant\u00e9rieures \u00e0 8.6.0-R12",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2019-1549",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1549"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2019-14846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14846"
},
{
"name": "CVE-2019-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2019-1563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2018-20217",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20217"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-691",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11087 du 28 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11087\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11074 du 28 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11074\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11073 du 28 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11073\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2020-AVI-015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à R1912 | ||
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions antérieures à 8.4.1R19 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 19.4R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2019-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
},
{
"name": "CVE-2020-1611",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
},
{
"name": "CVE-2018-1336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2018-5743",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
},
{
"name": "CVE-2014-2310",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2020-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
},
{
"name": "CVE-2007-5846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2020-1608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
},
{
"name": "CVE-2020-1602",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2017-17805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
},
{
"name": "CVE-2018-17972",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
},
{
"name": "CVE-2008-6123",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
},
{
"name": "CVE-2020-1601",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
},
{
"name": "CVE-2017-2595",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
},
{
"name": "CVE-2016-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2017-12174",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2020-1607",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2019-14835",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2019-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
},
{
"name": "CVE-2020-1604",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
},
{
"name": "CVE-2016-7055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2020-1603",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
},
{
"name": "CVE-2008-4309",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2014-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
},
{
"name": "CVE-2020-1609",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
},
{
"name": "CVE-2020-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
},
{
"name": "CVE-2020-1600",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2020-AVI-691
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper JIMS versions ant\u00e9rieures \u00e0 1.2.1 et 1.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper SBR Carrier tout versions ant\u00e9rieures \u00e0 8.5.0-R17",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Contrail Networking versions ant\u00e9rieures \u00e0 R2008",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper SBR Carrier 8.6 versions ant\u00e9rieures \u00e0 8.6.0-R12",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2019-1549",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1549"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2019-14846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14846"
},
{
"name": "CVE-2019-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2019-1563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2018-20217",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20217"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2020-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-691",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11087 du 28 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11087\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11074 du 28 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11074\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11073 du 28 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11073\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-453
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar Packet Capture. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Security QRadar Packet Capture versions 7.2.x ant\u00e9rieures \u00e0 7.2.8 Patch 6",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Security QRadar Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.2 GA",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-5739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5739"
},
{
"name": "CVE-2019-5737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5737"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM \u00e9 du 17 septembre 2019",
"url": "https://www.ibm.com/support/pages/security-bulletin-nodejs-used-ibm-qradar-packet-capture-vulnerable-following-cves-cve-2019-1559-cve-2019-5737-cve-2019-5739"
}
],
"reference": "CERTFR-2019-AVI-453",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar Packet\nCapture. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar Packet Capture",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 17 septembre 2019",
"url": null
}
]
}
CERTFR-2019-AVI-325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Junos Space versions antérieures à 19.2R1 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics (JSA) versions antérieures à 7.3.2 Patch 1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur séries EX4300 | ||
| Juniper Networks | N/A | Junos OS avec J-Web activé versions antérieures à 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 19.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics (JSA) versions ant\u00e9rieures \u00e0 7.3.2 Patch 1",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur s\u00e9ries EX4300",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2019-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0049"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2018-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15505"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2019-0048",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0048"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2019-0053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0053"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2019-5739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5739"
},
{
"name": "CVE-2019-0052",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0052"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2019-0046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0046"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-11237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2018-15504",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15504"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2018-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1729"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10938 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10938\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10946 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10946\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10942 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10942\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10949 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10949\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10943 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10943\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10951 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10951\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10950 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10950\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10948 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10948\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10947 du 10 juillet 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10947\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-177
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Virtualization | Oracle Secure Global Desktop version 5.4 | ||
| Oracle | Virtualization | Oracle VM VirtualBox versions antérieures à 5.2.28 et 6.0.6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Secure Global Desktop version 5.4",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 5.2.28 et 6.0.6",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2703",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2703"
},
{
"name": "CVE-2019-2721",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2721"
},
{
"name": "CVE-2019-2574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2574"
},
{
"name": "CVE-2019-2680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2680"
},
{
"name": "CVE-2019-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2656"
},
{
"name": "CVE-2019-2657",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2657"
},
{
"name": "CVE-2018-11784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
},
{
"name": "CVE-2019-2678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2678"
},
{
"name": "CVE-2019-2679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2679"
},
{
"name": "CVE-2019-2722",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2722"
},
{
"name": "CVE-2019-2723",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2723"
},
{
"name": "CVE-2019-3822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3822"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2690"
},
{
"name": "CVE-2019-2696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2696"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#OVIR"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
CERTFR-2019-AVI-080
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans OpenSSL. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions 1.0.2x ant\u00e9rieures \u00e0 1.0.2r",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-080",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans OpenSSL. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans OpenSSL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 26 f\u00e9vrier 2019",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
]
}
CERTFR-2020-AVI-198
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved | Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO | ||
| Owncloud | Core | JATP-OS All-In-One et JATP-OS Core versions antérieures à 5.0.6.0 | ||
| N/A | N/A | Série NFX250 versions antérieures à 19.2R1 | ||
| N/A | N/A | JSA versions antérieures à 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "JATP-OS All-In-One et JATP-OS Core versions ant\u00e9rieures \u00e0 5.0.6.0",
"product": {
"name": "Core",
"vendor": {
"name": "Owncloud",
"scada": false
}
}
},
{
"description": "S\u00e9rie NFX250 versions ant\u00e9rieures \u00e0 19.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JSA versions ant\u00e9rieures \u00e0 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-4556",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4556"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2020-1621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1621"
},
{
"name": "CVE-2019-4509",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4509"
},
{
"name": "CVE-2019-4454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4454"
},
{
"name": "CVE-2019-10173",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10173"
},
{
"name": "CVE-2020-1626",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1626"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2020-1627",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1627"
},
{
"name": "CVE-2020-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1620"
},
{
"name": "CVE-2019-4581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4581"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2018-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
},
{
"name": "CVE-2018-1139",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1139"
},
{
"name": "CVE-2020-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1615"
},
{
"name": "CVE-2018-11784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
},
{
"name": "CVE-2016-1285",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1285"
},
{
"name": "CVE-2020-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1616"
},
{
"name": "CVE-2020-1618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1618"
},
{
"name": "CVE-2018-10858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10858"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-4470",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4470"
},
{
"name": "CVE-2013-7285",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7285"
},
{
"name": "CVE-2020-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1632"
},
{
"name": "CVE-2020-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1622"
},
{
"name": "CVE-2020-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1634"
},
{
"name": "CVE-2018-6916",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6916"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2020-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1623"
},
{
"name": "CVE-2018-11237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
},
{
"name": "CVE-2020-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1619"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2019-0071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0071"
},
{
"name": "CVE-2020-1629",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1629"
},
{
"name": "CVE-2020-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1624"
},
{
"name": "CVE-2020-1625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1625"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2020-1630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1630"
},
{
"name": "CVE-2016-1286",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1286"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4559"
},
{
"name": "CVE-2020-1613",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1613"
},
{
"name": "CVE-2020-1617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1617"
},
{
"name": "CVE-2020-1614",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1614"
},
{
"name": "CVE-2020-1628",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1628"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-198",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11004 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11004\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10997 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10997\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11002 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11002\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10994 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10994\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11003 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11003\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10998 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10998\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11010 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11010\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11013 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11013\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11009 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11009\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11016 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11016\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10999 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10999\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11014 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11014\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11006 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11006\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11008 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11008\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11005 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11005\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11001 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11001\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10996 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10996\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11007 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11007\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11000 du 08 avril 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11000\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-214
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Tenable Nessus Agent. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Agent | Nessus Agent versions antérieures à 7.4.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Agent versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "Nessus Agent",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Tenable Nessus Agent. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Tenable Nessus Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2019-03 du 14 mai 2019",
"url": "https://www.tenable.com/security/tns-2019-03"
}
]
}
CERTFR-2019-AVI-599
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Security QRadar Packet Capture versions ant\u00e9rieures \u00e0 7.3.2 Patch 2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2017-17805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
},
{
"name": "CVE-2018-17972",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2019-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-599",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 1116357 du 27 novembre 2019",
"url": "https://www.ibm.com/support/pages/node/1116357"
}
]
}
CERTFR-2021-AVI-952
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données. IBM note que CentOS 6 est en fin de vie. L'éditeur préconise des actions à envisager pour corriger des défauts de sécurité connus. Lien : http://ibm.biz/qradarcentos6
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.0 à 7.4.3 FP 4 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.0 à 7.3.3 FP 10 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.4.0 \u00e0 7.4.3 FP 4",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.0 \u00e0 7.3.3 FP 10",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2017-15804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15804"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-952",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es. IBM note que CentOS 6 est en\nfin de vie. L\u0027\u00e9diteur pr\u00e9conise des actions \u00e0 envisager pour corriger\ndes d\u00e9fauts de s\u00e9curit\u00e9 connus. Lien : \u003chttp://ibm.biz/qradarcentos6\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6520674 du 14 d\u00e9cembre 2021",
"url": "https://www.ibm.com/support/pages/node/6520674"
}
]
}
FKIE_CVE-2019-1559
Vulnerability from fkie_nvd - Published: 2019-02-27 23:29 - Updated: 2024-11-21 04:36
Severity ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
| URL | Tags | ||
|---|---|---|---|
| openssl-security@openssl.org | http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html | Mailing List, Third Party Advisory | |
| openssl-security@openssl.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html | Mailing List, Third Party Advisory | |
| openssl-security@openssl.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html | Mailing List, Third Party Advisory | |
| openssl-security@openssl.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html | Mailing List, Third Party Advisory | |
| openssl-security@openssl.org | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html | Mailing List, Third Party Advisory | |
| openssl-security@openssl.org | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html | Mailing List, Third Party Advisory | |
| openssl-security@openssl.org | http://www.securityfocus.com/bid/107174 | Third Party Advisory, VDB Entry | |
| openssl-security@openssl.org | https://access.redhat.com/errata/RHSA-2019:2304 | Third Party Advisory | |
| openssl-security@openssl.org | https://access.redhat.com/errata/RHSA-2019:2437 | Third Party Advisory | |
| openssl-security@openssl.org | https://access.redhat.com/errata/RHSA-2019:2439 | Third Party Advisory | |
| openssl-security@openssl.org | https://access.redhat.com/errata/RHSA-2019:2471 | Third Party Advisory | |
| openssl-security@openssl.org | https://access.redhat.com/errata/RHSA-2019:3929 | Third Party Advisory | |
| openssl-security@openssl.org | https://access.redhat.com/errata/RHSA-2019:3931 | Third Party Advisory | |
| openssl-security@openssl.org | https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e | ||
| openssl-security@openssl.org | https://kc.mcafee.com/corporate/index?page=content&id=SB10282 | Third Party Advisory | |
| openssl-security@openssl.org | https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html | Mailing List, Third Party Advisory | |
| openssl-security@openssl.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ | ||
| openssl-security@openssl.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ | ||
| openssl-security@openssl.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ | ||
| openssl-security@openssl.org | https://security.gentoo.org/glsa/201903-10 | Third Party Advisory | |
| openssl-security@openssl.org | https://security.netapp.com/advisory/ntap-20190301-0001/ | Patch, Third Party Advisory | |
| openssl-security@openssl.org | https://security.netapp.com/advisory/ntap-20190301-0002/ | Broken Link, Third Party Advisory | |
| openssl-security@openssl.org | https://security.netapp.com/advisory/ntap-20190423-0002/ | Third Party Advisory | |
| openssl-security@openssl.org | https://support.f5.com/csp/article/K18549143 | Third Party Advisory | |
| openssl-security@openssl.org | https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS | ||
| openssl-security@openssl.org | https://usn.ubuntu.com/3899-1/ | Third Party Advisory | |
| openssl-security@openssl.org | https://usn.ubuntu.com/4376-2/ | Broken Link | |
| openssl-security@openssl.org | https://www.debian.org/security/2019/dsa-4400 | Third Party Advisory | |
| openssl-security@openssl.org | https://www.openssl.org/news/secadv/20190226.txt | Vendor Advisory | |
| openssl-security@openssl.org | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
| openssl-security@openssl.org | https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory | |
| openssl-security@openssl.org | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| openssl-security@openssl.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| openssl-security@openssl.org | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory | |
| openssl-security@openssl.org | https://www.tenable.com/security/tns-2019-02 | Patch, Third Party Advisory | |
| openssl-security@openssl.org | https://www.tenable.com/security/tns-2019-03 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107174 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2304 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2437 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2439 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2471 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3929 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3931 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://kc.mcafee.com/corporate/index?page=content&id=SB10282 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201903-10 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190301-0001/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190301-0002/ | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190423-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K18549143 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3899-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4376-2/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4400 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openssl.org/news/secadv/20190226.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2019-02 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2019-03 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | active_iq_unified_manager | * | |
| netapp | active_iq_unified_manager | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | altavault | - | |
| netapp | cloud_backup | - | |
| netapp | clustered_data_ontap_antivirus_connector | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | hyper_converged_infrastructure | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | oncommand_unified_manager_core_package | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | ontap_select_deploy | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | santricity_smi-s_provider | - | |
| netapp | service_processor | - | |
| netapp | smi-s_provider | - | |
| netapp | snapcenter | - | |
| netapp | snapdrive | - | |
| netapp | snapdrive | - | |
| netapp | snapprotect | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | storage_automation_store | - | |
| netapp | storagegrid | * | |
| netapp | storagegrid | - | |
| netapp | hci_compute_node | - | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-iq_centralized_management | * | |
| f5 | big-iq_centralized_management | * | |
| f5 | traffix_signaling_delivery_controller | * | |
| f5 | traffix_signaling_delivery_controller | 4.4.0 | |
| tenable | nessus | * | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 42.3 | |
| netapp | cn1610_firmware | - | |
| netapp | cn1610 | - | |
| netapp | a320_firmware | - | |
| netapp | a320 | - | |
| netapp | c190_firmware | - | |
| netapp | c190 | - | |
| netapp | a220_firmware | - | |
| netapp | a220 | - | |
| netapp | fas2720_firmware | - | |
| netapp | fas2720 | - | |
| netapp | fas2750_firmware | - | |
| netapp | fas2750 | - | |
| netapp | a800_firmware | - | |
| netapp | a800 | - | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| mcafee | agent | * | |
| mcafee | data_exchange_layer | * | |
| mcafee | threat_intelligence_exchange_server | * | |
| mcafee | web_gateway | * | |
| redhat | jboss_enterprise_web_server | 5.0.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | virtualization | 4.0 | |
| redhat | virtualization_host | 4.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| oracle | api_gateway | 11.1.2.4.0 | |
| oracle | business_intelligence | 11.1.1.9.0 | |
| oracle | business_intelligence | 12.2.1.3.0 | |
| oracle | business_intelligence | 12.2.1.4.0 | |
| oracle | communications_diameter_signaling_router | 8.0.0 | |
| oracle | communications_diameter_signaling_router | 8.1 | |
| oracle | communications_diameter_signaling_router | 8.2 | |
| oracle | communications_diameter_signaling_router | 8.3 | |
| oracle | communications_diameter_signaling_router | 8.4 | |
| oracle | communications_performance_intelligence_center | 10.4.0.2 | |
| oracle | communications_session_border_controller | 7.4 | |
| oracle | communications_session_border_controller | 8.0.0 | |
| oracle | communications_session_border_controller | 8.1.0 | |
| oracle | communications_session_border_controller | 8.2 | |
| oracle | communications_session_border_controller | 8.3 | |
| oracle | communications_session_router | 7.4 | |
| oracle | communications_session_router | 8.0 | |
| oracle | communications_session_router | 8.1 | |
| oracle | communications_session_router | 8.2 | |
| oracle | communications_session_router | 8.3 | |
| oracle | communications_unified_session_manager | 7.3.5 | |
| oracle | communications_unified_session_manager | 8.2.5 | |
| oracle | endeca_server | 7.7.0 | |
| oracle | enterprise_manager_base_platform | 12.1.0.5.0 | |
| oracle | enterprise_manager_base_platform | 13.2.0.0.0 | |
| oracle | enterprise_manager_base_platform | 13.3.0.0.0 | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | jd_edwards_world_security | a9.3 | |
| oracle | jd_edwards_world_security | a9.3.1 | |
| oracle | jd_edwards_world_security | a9.4 | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| oracle | mysql | * | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | mysql_enterprise_monitor | * | |
| oracle | mysql_workbench | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.55 | |
| oracle | peoplesoft_enterprise_peopletools | 8.56 | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | secure_global_desktop | 5.4 | |
| oracle | services_tools_bundle | 19.2 | |
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC",
"versionEndExcluding": "1.0.2r",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E878102-1EA0-4D83-9F36-955DCF902211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "EB2FB857-5F1F-46E5-A90C-AFB990BF1660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F74F467A-0C81-40D9-BA06-40FB8EF02C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706316DC-8C24-4D9E-B7B4-F62CB52106B8",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "925049D0-082E-4CED-9996-A55620A220CF",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "830028B5-9BAF-439C-8166-1053C0CB9836",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22C64069-68D1-445F-B20D-FD1FF8DB0F71",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87C038-B96D-4EA8-AB03-0401B2C9BB24",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC2A57-030F-4A13-B584-BE2627EA3FE7",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "037C035C-9CFC-4224-8264-6132252D11FD",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD91F1A1-67F5-4547-848B-21664A9CC685",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10367A28-787A-4FAB-80AD-ADD67A751732",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46712630-407A-4E61-B62F-3AB156353A1D",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21E18EA5-2210-41B1-87B0-55AB16514FE2",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFCCCFF-8B66-4C8B-A99A-32964855EF98",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0BD10F-735D-4442-828B-0B90207ABEAD",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448BB033-AE0F-46A0-8E98-3A6AE36EADAE",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC06609D-C362-4214-8487-2278161B5EAD",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2008DD47-CC1D-430F-8478-E90617F5F998",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC39F6EE-478A-4638-B97D-3C25FD318F3D",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "317C50A2-FE92-4C78-A94A-062274E6A6A8",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "389B6330-3041-4892-97D5-B5A6D9CE1487",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C556587-6963-49CF-8A2B-00431B386D78",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D748001D-340C-45C4-A2D0-0575538C5CEC",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "572B1078-60C4-4A71-A0F4-2E2F4FBC4102",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0371EB7C-3D41-4B8C-8FA9-DC6F42442448",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7588DA-75D3-4374-8871-D92E95509C91",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C95403E8-A078-47E8-9B2F-F572D24C79EF",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0585424E-3F74-400E-8199-ED964317F89F",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7722F39-9B7E-4267-B757-B9570B039323",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C",
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A",
"versionEndIncluding": "7.1.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "427DA624-2397-4A61-A2ED-23F5C22C174E",
"versionEndIncluding": "8.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2D2745-242C-4603-899E-70C9025BDDD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FD1DA9-7980-4643-B378-7095892DA176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9E3E-941C-4109-B59F-B9BB05486B34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD661062-0D5B-4671-9D92-FEF8D7395C1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B36CECA5-4545-49C2-92EB-B739407B207F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E7549A-DE35-4274-B3F6-22D51C7A6613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE",
"versionEndIncluding": "5.6.4",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02630E85-191E-4C58-B81B-4DAF93A26856",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D5476E-FBF9-474B-87E1-B6459E52736C",
"versionEndExcluding": "3.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD5E877-978C-4A16-B6C5-41A30D020B54",
"versionEndExcluding": "9.0.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F04157-FB34-4F22-B328-6BE1F2373DEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EDA23C-7F75-4712-AF3F-B0E3597810B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D139E52-0528-4D05-8502-1AB9AB10CA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59717B5-34D5-4C83-904A-884ED30DFC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E28B437-64A8-456C-98A1-4ADF5B6A2F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D705705-0D0D-468B-A140-C9A1B7A6CE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB290045-2140-47EE-9BB4-35BAE8F1599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83800E2F-804C-485D-A8FA-F4B32CDB4548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60BEB1C6-C279-4BB0-972C-BE28A6605C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9",
"versionEndIncluding": "5.6.43",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA988288-7D0C-4ADE-BE61-484D2D555A8A",
"versionEndIncluding": "5.7.25",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408",
"versionEndIncluding": "8.0.15",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBC7A65-3C0B-4B17-B087-250E69EE5B12",
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A443D73A-63BE-4D1F-B605-0F7D20915518",
"versionEndIncluding": "8.0.14",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71CD99E7-3FE7-42E2-B480-7AA0E543340E",
"versionEndIncluding": "8.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DAD71E-A6D5-4CA9-A016-100F2D5114A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F457852F-D998-4BCF-99FE-09C6DFC8851A",
"versionEndExcluding": "7.1.15",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA311D7-0ADC-497A-8A47-5AB864F201DE",
"versionEndExcluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500",
"versionEndExcluding": "8.1.8",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1987BB-8F42-48F0-8FE2-70ABD689F434",
"versionEndExcluding": "9.0.2",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36",
"versionEndExcluding": "6.17.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "A94F4836-1873-43F4-916E-9D9B302A053A",
"versionEndExcluding": "8.15.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
},
{
"lang": "es",
"value": "Si una aplicaci\u00f3n encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\u00e1lido."
}
],
"id": "CVE-2019-1559",
"lastModified": "2024-11-21T04:36:48.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-27T23:29:00.277",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"source": "openssl-security@openssl.org",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-03"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2019:0658-1
Vulnerability from csaf_suse - Published: 2019-03-20 13:32 - Updated: 2019-03-20 13:32Summary
Security update for nodejs4
Notes
Title of the patch
Security update for nodejs4
Description of the patch
This update for nodejs4 fixes the following issues:
Security issues fixed:
- CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service
when HTTP connection are kept active (bsc#1127533).
- CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service
when HTTP connection are kept active (bsc#1127532).
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
Patchnames
SUSE-2019-658,SUSE-SLE-Module-Web-Scripting-12-2019-658,SUSE-Storage-4-2019-658
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service \n when HTTP connection are kept active (bsc#1127533).\n- CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service\n when HTTP connection are kept active (bsc#1127532).\n- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances \n a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).\t \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-658,SUSE-SLE-Module-Web-Scripting-12-2019-658,SUSE-Storage-4-2019-658",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0658-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0658-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190658-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0658-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005212.html"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE Bug 1127532",
"url": "https://bugzilla.suse.com/1127532"
},
{
"category": "self",
"summary": "SUSE Bug 1127533",
"url": "https://bugzilla.suse.com/1127533"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5737 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5739 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5739/"
}
],
"title": "Security update for nodejs4",
"tracking": {
"current_release_date": "2019-03-20T13:32:01Z",
"generator": {
"date": "2019-03-20T13:32:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0658-1",
"initial_release_date": "2019-03-20T13:32:01Z",
"revision_history": [
{
"date": "2019-03-20T13:32:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.20.1.aarch64",
"product": {
"name": "nodejs4-4.9.1-15.20.1.aarch64",
"product_id": "nodejs4-4.9.1-15.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.20.1.aarch64",
"product": {
"name": "nodejs4-devel-4.9.1-15.20.1.aarch64",
"product_id": "nodejs4-devel-4.9.1-15.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.20.1.aarch64",
"product": {
"name": "npm4-4.9.1-15.20.1.aarch64",
"product_id": "npm4-4.9.1-15.20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.20.1.i586",
"product": {
"name": "nodejs4-4.9.1-15.20.1.i586",
"product_id": "nodejs4-4.9.1-15.20.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.20.1.i586",
"product": {
"name": "nodejs4-devel-4.9.1-15.20.1.i586",
"product_id": "nodejs4-devel-4.9.1-15.20.1.i586"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.20.1.i586",
"product": {
"name": "npm4-4.9.1-15.20.1.i586",
"product_id": "npm4-4.9.1-15.20.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-docs-4.9.1-15.20.1.noarch",
"product": {
"name": "nodejs4-docs-4.9.1-15.20.1.noarch",
"product_id": "nodejs4-docs-4.9.1-15.20.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.20.1.ppc64le",
"product": {
"name": "nodejs4-4.9.1-15.20.1.ppc64le",
"product_id": "nodejs4-4.9.1-15.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.20.1.ppc64le",
"product": {
"name": "nodejs4-devel-4.9.1-15.20.1.ppc64le",
"product_id": "nodejs4-devel-4.9.1-15.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.20.1.ppc64le",
"product": {
"name": "npm4-4.9.1-15.20.1.ppc64le",
"product_id": "npm4-4.9.1-15.20.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.20.1.x86_64",
"product": {
"name": "nodejs4-4.9.1-15.20.1.x86_64",
"product_id": "nodejs4-4.9.1-15.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.20.1.x86_64",
"product": {
"name": "nodejs4-devel-4.9.1-15.20.1.x86_64",
"product_id": "nodejs4-devel-4.9.1-15.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.20.1.x86_64",
"product": {
"name": "npm4-4.9.1-15.20.1.x86_64",
"product_id": "npm4-4.9.1-15.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64"
},
"product_reference": "nodejs4-4.9.1-15.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le"
},
"product_reference": "nodejs4-4.9.1-15.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64"
},
"product_reference": "nodejs4-4.9.1-15.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-devel-4.9.1-15.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64"
},
"product_reference": "nodejs4-devel-4.9.1-15.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-devel-4.9.1-15.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le"
},
"product_reference": "nodejs4-devel-4.9.1-15.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-devel-4.9.1-15.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64"
},
"product_reference": "nodejs4-devel-4.9.1-15.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-docs-4.9.1-15.20.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch"
},
"product_reference": "nodejs4-docs-4.9.1-15.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm4-4.9.1-15.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64"
},
"product_reference": "npm4-4.9.1-15.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm4-4.9.1-15.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le"
},
"product_reference": "npm4-4.9.1-15.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm4-4.9.1-15.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
},
"product_reference": "npm4-4.9.1-15.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.20.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64"
},
"product_reference": "nodejs4-4.9.1-15.20.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.20.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64"
},
"product_reference": "nodejs4-4.9.1-15.20.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-20T13:32:01Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-5737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5737"
}
],
"notes": [
{
"category": "general",
"text": "In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5737",
"url": "https://www.suse.com/security/cve/CVE-2019-5737"
},
{
"category": "external",
"summary": "SUSE Bug 1127532 for CVE-2019-5737",
"url": "https://bugzilla.suse.com/1127532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-20T13:32:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-5737"
},
{
"cve": "CVE-2019-5739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5739"
}
],
"notes": [
{
"category": "general",
"text": "Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5739",
"url": "https://www.suse.com/security/cve/CVE-2019-5739"
},
{
"category": "external",
"summary": "SUSE Bug 1127533 for CVE-2019-5739",
"url": "https://bugzilla.suse.com/1127533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-20T13:32:01Z",
"details": "moderate"
}
],
"title": "CVE-2019-5739"
}
]
}
SUSE-SU-2019:1362-1
Vulnerability from csaf_suse - Published: 2019-05-28 08:50 - Updated: 2019-05-28 08:50Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
Security issue fixed:
- CVE-2019-1559: Fixed a 0-byte record padding oracle via SSL_shutdown (bsc#1127080).
Patchnames
SUSE-2019-1362,SUSE-SLE-SAP-12-SP1-2019-1362,SUSE-SLE-SERVER-12-SP1-2019-1362
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1559: Fixed a 0-byte record padding oracle via SSL_shutdown (bsc#1127080).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1362,SUSE-SLE-SAP-12-SP1-2019-1362,SUSE-SLE-SERVER-12-SP1-2019-1362",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1362-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1362-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191362-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1362-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005508.html"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2019-05-28T08:50:04Z",
"generator": {
"date": "2019-05-28T08:50:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1362-1",
"initial_release_date": "2019-05-28T08:50:04Z",
"revision_history": [
{
"date": "2019-05-28T08:50:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-54.26.1.aarch64",
"product": {
"name": "libopenssl-devel-1.0.1i-54.26.1.aarch64",
"product_id": "libopenssl-devel-1.0.1i-54.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.26.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.1i-54.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.26.1.aarch64",
"product": {
"name": "openssl-1.0.1i-54.26.1.aarch64",
"product_id": "openssl-1.0.1i-54.26.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-64bit-1.0.1i-54.26.1.aarch64_ilp32",
"product": {
"name": "libopenssl-devel-64bit-1.0.1i-54.26.1.aarch64_ilp32",
"product_id": "libopenssl-devel-64bit-1.0.1i-54.26.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-64bit-1.0.1i-54.26.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-64bit-1.0.1i-54.26.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-64bit-1.0.1i-54.26.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-64bit-1.0.1i-54.26.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-hmac-64bit-1.0.1i-54.26.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-hmac-64bit-1.0.1i-54.26.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-54.26.1.i586",
"product": {
"name": "libopenssl-devel-1.0.1i-54.26.1.i586",
"product_id": "libopenssl-devel-1.0.1i-54.26.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.26.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.i586",
"product_id": "libopenssl1_0_0-1.0.1i-54.26.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.26.1.i586",
"product": {
"name": "openssl-1.0.1i-54.26.1.i586",
"product_id": "openssl-1.0.1i-54.26.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.1i-54.26.1.noarch",
"product": {
"name": "openssl-doc-1.0.1i-54.26.1.noarch",
"product_id": "openssl-doc-1.0.1i-54.26.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-54.26.1.ppc64le",
"product": {
"name": "libopenssl-devel-1.0.1i-54.26.1.ppc64le",
"product_id": "libopenssl-devel-1.0.1i-54.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.26.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.1i-54.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.26.1.ppc64le",
"product": {
"name": "openssl-1.0.1i-54.26.1.ppc64le",
"product_id": "openssl-1.0.1i-54.26.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-54.26.1.s390",
"product": {
"name": "libopenssl-devel-1.0.1i-54.26.1.s390",
"product_id": "libopenssl-devel-1.0.1i-54.26.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.26.1.s390",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.s390",
"product_id": "libopenssl1_0_0-1.0.1i-54.26.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.26.1.s390",
"product": {
"name": "openssl-1.0.1i-54.26.1.s390",
"product_id": "openssl-1.0.1i-54.26.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-54.26.1.s390x",
"product": {
"name": "libopenssl-devel-1.0.1i-54.26.1.s390x",
"product_id": "libopenssl-devel-1.0.1i-54.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.1i-54.26.1.s390x",
"product": {
"name": "libopenssl-devel-32bit-1.0.1i-54.26.1.s390x",
"product_id": "libopenssl-devel-32bit-1.0.1i-54.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.26.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1i-54.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.26.1.s390x",
"product": {
"name": "openssl-1.0.1i-54.26.1.s390x",
"product_id": "openssl-1.0.1i-54.26.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-54.26.1.x86_64",
"product": {
"name": "libopenssl-devel-1.0.1i-54.26.1.x86_64",
"product_id": "libopenssl-devel-1.0.1i-54.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.1i-54.26.1.x86_64",
"product": {
"name": "libopenssl-devel-32bit-1.0.1i-54.26.1.x86_64",
"product_id": "libopenssl-devel-32bit-1.0.1i-54.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1i-54.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.26.1.x86_64",
"product": {
"name": "openssl-1.0.1i-54.26.1.x86_64",
"product_id": "openssl-1.0.1i-54.26.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.26.1.x86_64"
},
"product_reference": "openssl-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-54.26.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.26.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-54.26.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.26.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.ppc64le"
},
"product_reference": "openssl-1.0.1i-54.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.s390x"
},
"product_reference": "openssl-1.0.1i-54.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.x86_64"
},
"product_reference": "openssl-1.0.1i-54.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-54.26.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.26.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-54.26.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.26.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.26.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.26.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.26.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.26.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-28T08:50:04Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
SUSE-SU-2019:1553-1
Vulnerability from csaf_suse - Published: 2019-06-18 16:29 - Updated: 2019-06-18 16:29Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
- CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158)
- CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652)
- CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039)
- CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes 'PortSmash') (bsc#1113534)
- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
- Fix One&Done side-channel attack on RSA (bsc#1104789)
- Reject invalid EC point coordinates (bsc#1131291)
- The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951)
- Add missing error string to CVE-2016-8610 fix (bsc#1110018#c9)
- blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)
Non security fixes:
- correct the error detection in the fips patch (bsc#1106197)
- Add openssl(cli) Provide so the packages that require the openssl
binary can require this instead of the new openssl meta package
(bsc#1101470)
Patchnames
SUSE-2019-1553,SUSE-SLE-SERVER-12-2019-1553
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n \nThis update for openssl fixes the following issues:\n\n- CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158)\n- CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652)\n- CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039)\n- CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes \u0027PortSmash\u0027) (bsc#1113534)\n- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)\n- Fix One\u0026Done side-channel attack on RSA (bsc#1104789)\n- Reject invalid EC point coordinates (bsc#1131291)\n- The 9 Lives of Bleichenbacher\u0027s CAT: Cache ATtacks on TLS Implementations (bsc#1117951)\n- Add missing error string to CVE-2016-8610 fix (bsc#1110018#c9)\n- blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)\n\nNon security fixes:\n\n- correct the error detection in the fips patch (bsc#1106197)\n- Add openssl(cli) Provide so the packages that require the openssl\n binary can require this instead of the new openssl meta package\n (bsc#1101470)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1553,SUSE-SLE-SERVER-12-2019-1553",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1553-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1553-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1553-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-June/005586.html"
},
{
"category": "self",
"summary": "SUSE Bug 1089039",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "self",
"summary": "SUSE Bug 1097158",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "self",
"summary": "SUSE Bug 1097624",
"url": "https://bugzilla.suse.com/1097624"
},
{
"category": "self",
"summary": "SUSE Bug 1098592",
"url": "https://bugzilla.suse.com/1098592"
},
{
"category": "self",
"summary": "SUSE Bug 1101470",
"url": "https://bugzilla.suse.com/1101470"
},
{
"category": "self",
"summary": "SUSE Bug 1104789",
"url": "https://bugzilla.suse.com/1104789"
},
{
"category": "self",
"summary": "SUSE Bug 1106197",
"url": "https://bugzilla.suse.com/1106197"
},
{
"category": "self",
"summary": "SUSE Bug 1110018",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE Bug 1131291",
"url": "https://bugzilla.suse.com/1131291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0732 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0737 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2019-06-18T16:29:26Z",
"generator": {
"date": "2019-06-18T16:29:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1553-1",
"initial_release_date": "2019-06-18T16:29:26Z",
"revision_history": [
{
"date": "2019-06-18T16:29:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.aarch64",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.aarch64",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.aarch64",
"product": {
"name": "openssl-1.0.1i-27.34.1.aarch64",
"product_id": "openssl-1.0.1i-27.34.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product": {
"name": "libopenssl-devel-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product_id": "libopenssl-devel-64bit-1.0.1i-27.34.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-64bit-1.0.1i-27.34.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-hmac-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-hmac-64bit-1.0.1i-27.34.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.i586",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.i586",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.i586",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.i586",
"product": {
"name": "openssl-1.0.1i-27.34.1.i586",
"product_id": "openssl-1.0.1i-27.34.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.1i-27.34.1.noarch",
"product": {
"name": "openssl-doc-1.0.1i-27.34.1.noarch",
"product_id": "openssl-doc-1.0.1i-27.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.ppc64le",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "openssl-1.0.1i-27.34.1.ppc64le",
"product_id": "openssl-1.0.1i-27.34.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.s390",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.s390",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.s390",
"product": {
"name": "openssl-1.0.1i-27.34.1.s390",
"product_id": "openssl-1.0.1i-27.34.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl-devel-32bit-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.s390x",
"product": {
"name": "openssl-1.0.1i-27.34.1.s390x",
"product_id": "openssl-1.0.1i-27.34.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl-devel-32bit-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.x86_64",
"product": {
"name": "openssl-1.0.1i-27.34.1.x86_64",
"product_id": "openssl-1.0.1i-27.34.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.34.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le"
},
"product_reference": "openssl-1.0.1i-27.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x"
},
"product_reference": "openssl-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64"
},
"product_reference": "openssl-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-27.34.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-27.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8610"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8610",
"url": "https://www.suse.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1005879 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005879"
},
{
"category": "external",
"summary": "SUSE Bug 1110018 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "external",
"summary": "SUSE Bug 1120592 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1120592"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1148697"
},
{
"category": "external",
"summary": "SUSE Bug 982575 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/982575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "important"
}
],
"title": "CVE-2016-8610"
},
{
"cve": "CVE-2018-0732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0732"
}
],
"notes": [
{
"category": "general",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0732",
"url": "https://www.suse.com/security/cve/CVE-2018-0732"
},
{
"category": "external",
"summary": "SUSE Bug 1077628 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1077628"
},
{
"category": "external",
"summary": "SUSE Bug 1097158 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "external",
"summary": "SUSE Bug 1099502 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1099502"
},
{
"category": "external",
"summary": "SUSE Bug 1106692 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1106692"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1110163 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1110163"
},
{
"category": "external",
"summary": "SUSE Bug 1112097 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1112097"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "important"
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0737"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0737",
"url": "https://www.suse.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "SUSE Bug 1089039 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "external",
"summary": "SUSE Bug 1089041 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089041"
},
{
"category": "external",
"summary": "SUSE Bug 1089044 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089044"
},
{
"category": "external",
"summary": "SUSE Bug 1089045 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089045"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1123780 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1123780"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
SUSE-SU-2019:14091-1
Vulnerability from csaf_suse - Published: 2019-06-18 16:28 - Updated: 2019-06-18 16:28Summary
Security update for openssl1
Notes
Title of the patch
Security update for openssl1
Description of the patch
This update for openssl1 fixes the following security issues:
- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
- Reject invalid EC point coordinates (bsc#1131291)
- Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951)
Patchnames
secsp3-openssl1-14091
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl1 fixes the following security issues:\n\n- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)\n- Reject invalid EC point coordinates (bsc#1131291)\n- Fixed \u0027The 9 Lives of Bleichenbacher\u0027s CAT: Cache ATtacks on TLS Implementations\u0027 (bsc#1117951)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "secsp3-openssl1-14091",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14091-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:14091-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914091-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:14091-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-June/005585.html"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE Bug 1131291",
"url": "https://bugzilla.suse.com/1131291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl1",
"tracking": {
"current_release_date": "2019-06-18T16:28:44Z",
"generator": {
"date": "2019-06-18T16:28:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:14091-1",
"initial_release_date": "2019-06-18T16:28:44Z",
"revision_history": [
{
"date": "2019-06-18T16:28:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.i586",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.i586",
"product_id": "libopenssl1-devel-1.0.1g-0.58.18.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.i586",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.18.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.18.1.i586",
"product": {
"name": "openssl1-1.0.1g-0.58.18.1.i586",
"product_id": "openssl1-1.0.1g-0.58.18.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.18.1.i586",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.i586",
"product_id": "openssl1-doc-1.0.1g-0.58.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.ia64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.ia64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.18.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.ia64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.ia64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.18.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.18.1.ia64",
"product": {
"name": "openssl1-1.0.1g-0.58.18.1.ia64",
"product_id": "openssl1-1.0.1g-0.58.18.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.18.1.ia64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.ia64",
"product_id": "openssl1-doc-1.0.1g-0.58.18.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.ppc64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.ppc64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.18.1.ppc64",
"product": {
"name": "openssl1-1.0.1g-0.58.18.1.ppc64",
"product_id": "openssl1-1.0.1g-0.58.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.18.1.ppc64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.ppc64",
"product_id": "openssl1-doc-1.0.1g-0.58.18.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.s390x",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.s390x",
"product_id": "libopenssl1-devel-1.0.1g-0.58.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.18.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.18.1.s390x",
"product": {
"name": "openssl1-1.0.1g-0.58.18.1.s390x",
"product_id": "openssl1-1.0.1g-0.58.18.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.18.1.s390x",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.s390x",
"product_id": "openssl1-doc-1.0.1g-0.58.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.x86_64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.x86_64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.18.1.x86_64",
"product": {
"name": "openssl1-1.0.1g-0.58.18.1.x86_64",
"product_id": "openssl1-1.0.1g-0.58.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.18.1.x86_64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.x86_64",
"product_id": "openssl1-doc-1.0.1g-0.58.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product": {
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:security"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.i586"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ia64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ppc64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.s390x"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.18.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.x86_64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.i586"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ia64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.18.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.i586"
},
"product_reference": "openssl1-1.0.1g-0.58.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.18.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ia64"
},
"product_reference": "openssl1-1.0.1g-0.58.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.18.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ppc64"
},
"product_reference": "openssl1-1.0.1g-0.58.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.18.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.s390x"
},
"product_reference": "openssl1-1.0.1g-0.58.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.18.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.x86_64"
},
"product_reference": "openssl1-1.0.1g-0.58.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.i586"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ia64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ppc64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.s390x"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.18.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.x86_64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.18.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:28:44Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
SUSE-SU-2019:14092-1
Vulnerability from csaf_suse - Published: 2019-09-11 14:45 - Updated: 2019-09-11 14:45Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
Security issues fixed:
- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
- Reject invalid EC point coordinates (bsc#1131291)
- Mitigate the 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' attack (bsc#1117951)
Patchnames
sleposp3-openssl-14092,slessp4-openssl-14092
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)\n- Reject invalid EC point coordinates (bsc#1131291)\n- Mitigate the \u0027The 9 Lives of Bleichenbacher\u0027s CAT: Cache ATtacks on TLS Implementations\u0027 attack (bsc#1117951)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-openssl-14092,slessp4-openssl-14092",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14092-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:14092-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914092-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:14092-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-June/005582.html"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE Bug 1131291",
"url": "https://bugzilla.suse.com/1131291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2019-09-11T14:45:26Z",
"generator": {
"date": "2019-09-11T14:45:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:14092-1",
"initial_release_date": "2019-09-11T14:45:26Z",
"revision_history": [
{
"date": "2019-09-11T14:45:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.21.1.i586",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.21.1.i586",
"product_id": "libopenssl-devel-0.9.8j-0.106.21.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.21.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.21.1.i586",
"product": {
"name": "openssl-0.9.8j-0.106.21.1.i586",
"product_id": "openssl-0.9.8j-0.106.21.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.21.1.i586",
"product": {
"name": "openssl-doc-0.9.8j-0.106.21.1.i586",
"product_id": "openssl-doc-0.9.8j-0.106.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.21.1.ppc64",
"product": {
"name": "openssl-0.9.8j-0.106.21.1.ppc64",
"product_id": "openssl-0.9.8j-0.106.21.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.21.1.ppc64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.21.1.ppc64",
"product_id": "openssl-doc-0.9.8j-0.106.21.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.s390x",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.s390x",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.21.1.s390x",
"product": {
"name": "openssl-0.9.8j-0.106.21.1.s390x",
"product_id": "openssl-0.9.8j-0.106.21.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.21.1.s390x",
"product": {
"name": "openssl-doc-0.9.8j-0.106.21.1.s390x",
"product_id": "openssl-doc-0.9.8j-0.106.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.21.1.x86_64",
"product": {
"name": "openssl-0.9.8j-0.106.21.1.x86_64",
"product_id": "openssl-0.9.8j-0.106.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.21.1.x86_64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.21.1.x86_64",
"product_id": "openssl-doc-0.9.8j-0.106.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.21.1.i586"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.21.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.21.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.21.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.21.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.ppc64"
},
"product_reference": "openssl-0.9.8j-0.106.21.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.21.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.21.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.21.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.21.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.ppc64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.21.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.21.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-0.9.8j-0.106.21.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:openssl-doc-0.9.8j-0.106.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-11T14:45:26Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
SUSE-SU-2019:0818-1
Vulnerability from csaf_suse - Published: 2019-03-29 17:03 - Updated: 2019-03-29 17:03Summary
Security update for nodejs6
Notes
Title of the patch
Security update for nodejs6
Description of the patch
This update for nodejs6 to version 6.17.0 fixes the following issues:
Security issues fixed:
- CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service
when HTTP connection are kept active (bsc#1127533).
- CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service
when HTTP connection are kept active (bsc#1127532).
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
Release Notes: https://nodejs.org/en/blog/release/v6.17.0/
Patchnames
SUSE-2019-818,SUSE-OpenStack-Cloud-7-2019-818,SUSE-OpenStack-Cloud-Crowbar-8-2019-818,SUSE-SLE-Module-Web-Scripting-12-2019-818,SUSE-Storage-4-2019-818
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs6",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs6 to version 6.17.0 fixes the following issues:\n\nSecurity issues fixed:\n\n\n- CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service \n when HTTP connection are kept active (bsc#1127533).\n- CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service\n when HTTP connection are kept active (bsc#1127532).\n- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances \n a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).\n\nRelease Notes: https://nodejs.org/en/blog/release/v6.17.0/ \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-818,SUSE-OpenStack-Cloud-7-2019-818,SUSE-OpenStack-Cloud-Crowbar-8-2019-818,SUSE-SLE-Module-Web-Scripting-12-2019-818,SUSE-Storage-4-2019-818",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0818-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0818-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190818-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0818-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005269.html"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE Bug 1127532",
"url": "https://bugzilla.suse.com/1127532"
},
{
"category": "self",
"summary": "SUSE Bug 1127533",
"url": "https://bugzilla.suse.com/1127533"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5737 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5739 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5739/"
}
],
"title": "Security update for nodejs6",
"tracking": {
"current_release_date": "2019-03-29T17:03:45Z",
"generator": {
"date": "2019-03-29T17:03:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0818-1",
"initial_release_date": "2019-03-29T17:03:45Z",
"revision_history": [
{
"date": "2019-03-29T17:03:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.17.0-11.24.1.aarch64",
"product": {
"name": "nodejs6-6.17.0-11.24.1.aarch64",
"product_id": "nodejs6-6.17.0-11.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.17.0-11.24.1.aarch64",
"product": {
"name": "nodejs6-devel-6.17.0-11.24.1.aarch64",
"product_id": "nodejs6-devel-6.17.0-11.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm6-6.17.0-11.24.1.aarch64",
"product": {
"name": "npm6-6.17.0-11.24.1.aarch64",
"product_id": "npm6-6.17.0-11.24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.17.0-11.24.1.i586",
"product": {
"name": "nodejs6-6.17.0-11.24.1.i586",
"product_id": "nodejs6-6.17.0-11.24.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.17.0-11.24.1.i586",
"product": {
"name": "nodejs6-devel-6.17.0-11.24.1.i586",
"product_id": "nodejs6-devel-6.17.0-11.24.1.i586"
}
},
{
"category": "product_version",
"name": "npm6-6.17.0-11.24.1.i586",
"product": {
"name": "npm6-6.17.0-11.24.1.i586",
"product_id": "npm6-6.17.0-11.24.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-docs-6.17.0-11.24.1.noarch",
"product": {
"name": "nodejs6-docs-6.17.0-11.24.1.noarch",
"product_id": "nodejs6-docs-6.17.0-11.24.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.17.0-11.24.1.ppc64le",
"product": {
"name": "nodejs6-6.17.0-11.24.1.ppc64le",
"product_id": "nodejs6-6.17.0-11.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.17.0-11.24.1.ppc64le",
"product": {
"name": "nodejs6-devel-6.17.0-11.24.1.ppc64le",
"product_id": "nodejs6-devel-6.17.0-11.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm6-6.17.0-11.24.1.ppc64le",
"product": {
"name": "npm6-6.17.0-11.24.1.ppc64le",
"product_id": "npm6-6.17.0-11.24.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.17.0-11.24.1.s390",
"product": {
"name": "nodejs6-6.17.0-11.24.1.s390",
"product_id": "nodejs6-6.17.0-11.24.1.s390"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.17.0-11.24.1.s390",
"product": {
"name": "nodejs6-devel-6.17.0-11.24.1.s390",
"product_id": "nodejs6-devel-6.17.0-11.24.1.s390"
}
},
{
"category": "product_version",
"name": "npm6-6.17.0-11.24.1.s390",
"product": {
"name": "npm6-6.17.0-11.24.1.s390",
"product_id": "npm6-6.17.0-11.24.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.17.0-11.24.1.s390x",
"product": {
"name": "nodejs6-6.17.0-11.24.1.s390x",
"product_id": "nodejs6-6.17.0-11.24.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.17.0-11.24.1.s390x",
"product": {
"name": "nodejs6-devel-6.17.0-11.24.1.s390x",
"product_id": "nodejs6-devel-6.17.0-11.24.1.s390x"
}
},
{
"category": "product_version",
"name": "npm6-6.17.0-11.24.1.s390x",
"product": {
"name": "npm6-6.17.0-11.24.1.s390x",
"product_id": "npm6-6.17.0-11.24.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.17.0-11.24.1.x86_64",
"product": {
"name": "nodejs6-6.17.0-11.24.1.x86_64",
"product_id": "nodejs6-6.17.0-11.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.17.0-11.24.1.x86_64",
"product": {
"name": "nodejs6-devel-6.17.0-11.24.1.x86_64",
"product_id": "nodejs6-devel-6.17.0-11.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm6-6.17.0-11.24.1.x86_64",
"product": {
"name": "npm6-6.17.0-11.24.1.x86_64",
"product_id": "npm6-6.17.0-11.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64"
},
"product_reference": "nodejs6-6.17.0-11.24.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x"
},
"product_reference": "nodejs6-6.17.0-11.24.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64"
},
"product_reference": "nodejs6-6.17.0-11.24.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
},
"product_reference": "nodejs6-6.17.0-11.24.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64"
},
"product_reference": "nodejs6-6.17.0-11.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le"
},
"product_reference": "nodejs6-6.17.0-11.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x"
},
"product_reference": "nodejs6-6.17.0-11.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64"
},
"product_reference": "nodejs6-6.17.0-11.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.17.0-11.24.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64"
},
"product_reference": "nodejs6-devel-6.17.0-11.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.17.0-11.24.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le"
},
"product_reference": "nodejs6-devel-6.17.0-11.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.17.0-11.24.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x"
},
"product_reference": "nodejs6-devel-6.17.0-11.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.17.0-11.24.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64"
},
"product_reference": "nodejs6-devel-6.17.0-11.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-docs-6.17.0-11.24.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch"
},
"product_reference": "nodejs6-docs-6.17.0-11.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.17.0-11.24.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64"
},
"product_reference": "npm6-6.17.0-11.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.17.0-11.24.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le"
},
"product_reference": "npm6-6.17.0-11.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.17.0-11.24.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x"
},
"product_reference": "npm6-6.17.0-11.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.17.0-11.24.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64"
},
"product_reference": "npm6-6.17.0-11.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64"
},
"product_reference": "nodejs6-6.17.0-11.24.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.17.0-11.24.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64"
},
"product_reference": "nodejs6-6.17.0-11.24.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T17:03:45Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-5737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5737"
}
],
"notes": [
{
"category": "general",
"text": "In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5737",
"url": "https://www.suse.com/security/cve/CVE-2019-5737"
},
{
"category": "external",
"summary": "SUSE Bug 1127532 for CVE-2019-5737",
"url": "https://bugzilla.suse.com/1127532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T17:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5737"
},
{
"cve": "CVE-2019-5739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5739"
}
],
"notes": [
{
"category": "general",
"text": "Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5739",
"url": "https://www.suse.com/security/cve/CVE-2019-5739"
},
{
"category": "external",
"summary": "SUSE Bug 1127533 for CVE-2019-5739",
"url": "https://bugzilla.suse.com/1127533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T17:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5739"
}
]
}
SUSE-SU-2019:0600-1
Vulnerability from csaf_suse - Published: 2019-03-12 17:40 - Updated: 2019-03-12 17:40Summary
Security update for openssl-1_0_0
Notes
Title of the patch
Security update for openssl-1_0_0
Description of the patch
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
Patchnames
SUSE-2019-600,SUSE-SLE-Module-Development-Tools-OBS-15-2019-600,SUSE-SLE-Module-Legacy-15-2019-600
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_0_0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_0_0 fixes the following issues:\n\nSecurity issues fixed: \n\n- The 9 Lives of Bleichenbacher\u0027s CAT: Cache Attacks on TLS Implementations (bsc#1117951)\n- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances\n a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-600,SUSE-SLE-Module-Development-Tools-OBS-15-2019-600,SUSE-SLE-Module-Legacy-15-2019-600",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0600-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0600-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190600-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0600-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005186.html"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl-1_0_0",
"tracking": {
"current_release_date": "2019-03-12T17:40:27Z",
"generator": {
"date": "2019-03-12T17:40:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0600-1",
"initial_release_date": "2019-03-12T17:40:27Z",
"revision_history": [
{
"date": "2019-03-12T17:40:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.14.2.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.aarch64",
"product_id": "libopenssl1_0_0-1.0.2p-3.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.14.2.aarch64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.aarch64",
"product_id": "openssl-1_0_0-1.0.2p-3.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.aarch64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.aarch64",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-64bit-1.0.2p-3.14.2.aarch64_ilp32",
"product": {
"name": "libopenssl-1_0_0-devel-64bit-1.0.2p-3.14.2.aarch64_ilp32",
"product_id": "libopenssl-1_0_0-devel-64bit-1.0.2p-3.14.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-64bit-1.0.2p-3.14.2.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-64bit-1.0.2p-3.14.2.aarch64_ilp32",
"product_id": "libopenssl1_0_0-64bit-1.0.2p-3.14.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-64bit-1.0.2p-3.14.2.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-hmac-64bit-1.0.2p-3.14.2.aarch64_ilp32",
"product_id": "libopenssl1_0_0-hmac-64bit-1.0.2p-3.14.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.i586",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.i586",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.14.2.i586",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.i586",
"product_id": "libopenssl1_0_0-1.0.2p-3.14.2.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.14.2.i586",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.i586",
"product_id": "openssl-1_0_0-1.0.2p-3.14.2.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.i586",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.i586",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.14.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2p-3.14.2.noarch",
"product": {
"name": "openssl-1_0_0-doc-1.0.2p-3.14.2.noarch",
"product_id": "openssl-1_0_0-doc-1.0.2p-3.14.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.14.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2p-3.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.14.2.ppc64le",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.ppc64le",
"product_id": "openssl-1_0_0-1.0.2p-3.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.ppc64le",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.ppc64le",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.14.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.14.2.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.s390x",
"product_id": "libopenssl1_0_0-1.0.2p-3.14.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.14.2.s390x",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.s390x",
"product_id": "openssl-1_0_0-1.0.2p-3.14.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.s390x",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.s390x",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.14.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.14.2.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.14.2.x86_64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.14.2.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.x86_64",
"product_id": "libopenssl1_0_0-1.0.2p-3.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2p-3.14.2.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.14.2.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2p-3.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.14.2.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.14.2.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.14.2.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.x86_64",
"product_id": "openssl-1_0_0-1.0.2p-3.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.x86_64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.14.2.x86_64",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.14.2.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.14.2.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.14.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.14.2.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-12T17:40:27Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
SUSE-SU-2019:0803-1
Vulnerability from csaf_suse - Published: 2019-03-29 12:14 - Updated: 2019-03-29 12:14Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
Security issues fixed:
- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
Other issues addressed:
- Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975).
- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
Patchnames
SUSE-2019-803,SUSE-OpenStack-Cloud-7-2019-803,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-803,SUSE-SLE-DESKTOP-12-SP3-2019-803,SUSE-SLE-SAP-12-SP2-2019-803,SUSE-SLE-SDK-12-SP3-2019-803,SUSE-SLE-SERVER-12-SP2-2019-803,SUSE-SLE-SERVER-12-SP2-BCL-2019-803,SUSE-SLE-SERVER-12-SP3-2019-803,SUSE-Storage-4-2019-803
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\nSecurity issues fixed: \n\n- The 9 Lives of Bleichenbacher\u0027s CAT: Cache Attacks on TLS Implementations (bsc#1117951)\n- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances\n a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).\n\nOther issues addressed: \n\n- Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975).\n- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-803,SUSE-OpenStack-Cloud-7-2019-803,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-803,SUSE-SLE-DESKTOP-12-SP3-2019-803,SUSE-SLE-SAP-12-SP2-2019-803,SUSE-SLE-SDK-12-SP3-2019-803,SUSE-SLE-SERVER-12-SP2-2019-803,SUSE-SLE-SERVER-12-SP2-BCL-2019-803,SUSE-SLE-SERVER-12-SP3-2019-803,SUSE-Storage-4-2019-803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0803-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0803-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190803-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0803-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005266.html"
},
{
"category": "self",
"summary": "SUSE Bug 1100078",
"url": "https://bugzilla.suse.com/1100078"
},
{
"category": "self",
"summary": "SUSE Bug 1113975",
"url": "https://bugzilla.suse.com/1113975"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2019-03-29T12:14:45Z",
"generator": {
"date": "2019-03-29T12:14:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0803-1",
"initial_release_date": "2019-03-29T12:14:45Z",
"revision_history": [
{
"date": "2019-03-29T12:14:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.49.1.aarch64",
"product": {
"name": "libopenssl-devel-1.0.2j-60.49.1.aarch64",
"product_id": "libopenssl-devel-1.0.2j-60.49.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.2j-60.49.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.49.1.aarch64",
"product": {
"name": "openssl-1.0.2j-60.49.1.aarch64",
"product_id": "openssl-1.0.2j-60.49.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-cavs-1.0.2j-60.49.1.aarch64",
"product": {
"name": "openssl-cavs-1.0.2j-60.49.1.aarch64",
"product_id": "openssl-cavs-1.0.2j-60.49.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-64bit-1.0.2j-60.49.1.aarch64_ilp32",
"product": {
"name": "libopenssl-devel-64bit-1.0.2j-60.49.1.aarch64_ilp32",
"product_id": "libopenssl-devel-64bit-1.0.2j-60.49.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-64bit-1.0.2j-60.49.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-64bit-1.0.2j-60.49.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-64bit-1.0.2j-60.49.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-64bit-1.0.2j-60.49.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-hmac-64bit-1.0.2j-60.49.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-hmac-64bit-1.0.2j-60.49.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.49.1.i586",
"product": {
"name": "libopenssl-devel-1.0.2j-60.49.1.i586",
"product_id": "libopenssl-devel-1.0.2j-60.49.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.49.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.i586",
"product_id": "libopenssl1_0_0-1.0.2j-60.49.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.49.1.i586",
"product": {
"name": "openssl-1.0.2j-60.49.1.i586",
"product_id": "openssl-1.0.2j-60.49.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-cavs-1.0.2j-60.49.1.i586",
"product": {
"name": "openssl-cavs-1.0.2j-60.49.1.i586",
"product_id": "openssl-cavs-1.0.2j-60.49.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.2j-60.49.1.noarch",
"product": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch",
"product_id": "openssl-doc-1.0.2j-60.49.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"product": {
"name": "libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"product_id": "libopenssl-devel-1.0.2j-60.49.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.49.1.ppc64le",
"product": {
"name": "openssl-1.0.2j-60.49.1.ppc64le",
"product_id": "openssl-1.0.2j-60.49.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-cavs-1.0.2j-60.49.1.ppc64le",
"product": {
"name": "openssl-cavs-1.0.2j-60.49.1.ppc64le",
"product_id": "openssl-cavs-1.0.2j-60.49.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.49.1.s390",
"product": {
"name": "libopenssl-devel-1.0.2j-60.49.1.s390",
"product_id": "libopenssl-devel-1.0.2j-60.49.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390",
"product_id": "libopenssl1_0_0-1.0.2j-60.49.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.49.1.s390",
"product": {
"name": "openssl-1.0.2j-60.49.1.s390",
"product_id": "openssl-1.0.2j-60.49.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-cavs-1.0.2j-60.49.1.s390",
"product": {
"name": "openssl-cavs-1.0.2j-60.49.1.s390",
"product_id": "openssl-cavs-1.0.2j-60.49.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.49.1.s390x",
"product": {
"name": "libopenssl-devel-1.0.2j-60.49.1.s390x",
"product_id": "libopenssl-devel-1.0.2j-60.49.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.2j-60.49.1.s390x",
"product": {
"name": "libopenssl-devel-32bit-1.0.2j-60.49.1.s390x",
"product_id": "libopenssl-devel-32bit-1.0.2j-60.49.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"product_id": "libopenssl1_0_0-1.0.2j-60.49.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.49.1.s390x",
"product": {
"name": "openssl-1.0.2j-60.49.1.s390x",
"product_id": "openssl-1.0.2j-60.49.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-cavs-1.0.2j-60.49.1.s390x",
"product": {
"name": "openssl-cavs-1.0.2j-60.49.1.s390x",
"product_id": "openssl-cavs-1.0.2j-60.49.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"product": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"product_id": "libopenssl-devel-1.0.2j-60.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.2j-60.49.1.x86_64",
"product": {
"name": "libopenssl-devel-32bit-1.0.2j-60.49.1.x86_64",
"product_id": "libopenssl-devel-32bit-1.0.2j-60.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.49.1.x86_64",
"product": {
"name": "openssl-1.0.2j-60.49.1.x86_64",
"product_id": "openssl-1.0.2j-60.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-cavs-1.0.2j-60.49.1.x86_64",
"product": {
"name": "openssl-cavs-1.0.2j-60.49.1.x86_64",
"product_id": "openssl-cavs-1.0.2j-60.49.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.49.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.49.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.49.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.49.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.49.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.49.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.49.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.49.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.49.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.49.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.49.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.49.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.49.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.49.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.49.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:openssl-1.0.2j-60.49.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.49.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.49.1.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.49.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.49.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.49.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.49.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.49.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.49.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.49.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.49.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T12:14:45Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
SUSE-SU-2019:0572-1
Vulnerability from csaf_suse - Published: 2019-03-08 08:24 - Updated: 2019-03-08 08:24Summary
Security update for openssl-1_0_0
Notes
Title of the patch
Security update for openssl-1_0_0
Description of the patch
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
Patchnames
SUSE-2019-572,SUSE-SLE-DESKTOP-12-SP4-2019-572,SUSE-SLE-SDK-12-SP4-2019-572,SUSE-SLE-SERVER-12-SP4-2019-572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_0_0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_0_0 fixes the following issues:\n\nSecurity issues fixed: \n\n- The 9 Lives of Bleichenbacher\u0027s CAT: Cache Attacks on TLS Implementations (bsc#1117951)\n- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances\n a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-572,SUSE-SLE-DESKTOP-12-SP4-2019-572,SUSE-SLE-SDK-12-SP4-2019-572,SUSE-SLE-SERVER-12-SP4-2019-572",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0572-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0572-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190572-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0572-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005177.html"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl-1_0_0",
"tracking": {
"current_release_date": "2019-03-08T08:24:27Z",
"generator": {
"date": "2019-03-08T08:24:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0572-1",
"initial_release_date": "2019-03-08T08:24:27Z",
"revision_history": [
{
"date": "2019-03-08T08:24:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.2p-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"product_id": "openssl-1_0_0-1.0.2p-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.aarch64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.aarch64",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-64bit-1.0.2p-3.6.1.aarch64_ilp32",
"product": {
"name": "libopenssl-1_0_0-devel-64bit-1.0.2p-3.6.1.aarch64_ilp32",
"product_id": "libopenssl-1_0_0-devel-64bit-1.0.2p-3.6.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-64bit-1.0.2p-3.6.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-64bit-1.0.2p-3.6.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-64bit-1.0.2p-3.6.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-64bit-1.0.2p-3.6.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-hmac-64bit-1.0.2p-3.6.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-hmac-64bit-1.0.2p-3.6.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.i586",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.i586",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.6.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.i586",
"product_id": "libopenssl1_0_0-1.0.2p-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.6.1.i586",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.i586",
"product_id": "openssl-1_0_0-1.0.2p-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.i586",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.i586",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"product": {
"name": "openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"product_id": "openssl-1_0_0-doc-1.0.2p-3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2p-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"product_id": "openssl-1_0_0-1.0.2p-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.ppc64le",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.ppc64le",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.6.1.s390",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.s390",
"product_id": "libopenssl1_0_0-1.0.2p-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.6.1.s390",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.s390",
"product_id": "openssl-1_0_0-1.0.2p-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.s390",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.s390",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.6.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.6.1.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.6.1.s390x",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"product_id": "libopenssl1_0_0-1.0.2p-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.6.1.s390x",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.s390x",
"product_id": "openssl-1_0_0-1.0.2p-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.s390x",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.s390x",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.6.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.6.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2p-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"product_id": "openssl-1_0_0-1.0.2p-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.x86_64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-3.6.1.x86_64",
"product_id": "openssl-1_0_0-cavs-1.0.2p-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2p-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch"
},
"product_reference": "openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2p-3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch"
},
"product_reference": "openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-08T08:24:27Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
SUSE-SU-2019:1608-1
Vulnerability from csaf_suse - Published: 2019-06-21 08:27 - Updated: 2019-06-21 08:27Summary
Security update for compat-openssl098
Notes
Title of the patch
Security update for compat-openssl098
Description of the patch
This update for compat-openssl098 fixes the following issues:
- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
- Reject invalid EC point coordinates (bsc#1131291)
- Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951)
Patchnames
SUSE-2019-1608,SUSE-SLE-DESKTOP-12-SP3-2019-1608,SUSE-SLE-DESKTOP-12-SP4-2019-1608,SUSE-SLE-Module-Legacy-12-2019-1608,SUSE-SLE-SAP-12-SP1-2019-1608,SUSE-SLE-SAP-12-SP2-2019-1608,SUSE-SLE-SAP-12-SP3-2019-1608,SUSE-SLE-SAP-12-SP4-2019-1608
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for compat-openssl098",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for compat-openssl098 fixes the following issues:\n\n- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)\n- Reject invalid EC point coordinates (bsc#1131291)\n- Fixed \u0027The 9 Lives of Bleichenbacher\u0027s CAT: Cache ATtacks on TLS Implementations\u0027 (bsc#1117951)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1608,SUSE-SLE-DESKTOP-12-SP3-2019-1608,SUSE-SLE-DESKTOP-12-SP4-2019-1608,SUSE-SLE-Module-Legacy-12-2019-1608,SUSE-SLE-SAP-12-SP1-2019-1608,SUSE-SLE-SAP-12-SP2-2019-1608,SUSE-SLE-SAP-12-SP3-2019-1608,SUSE-SLE-SAP-12-SP4-2019-1608",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1608-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1608-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191608-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1608-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-June/005602.html"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE Bug 1131291",
"url": "https://bugzilla.suse.com/1131291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for compat-openssl098",
"tracking": {
"current_release_date": "2019-06-21T08:27:17Z",
"generator": {
"date": "2019-06-21T08:27:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1608-1",
"initial_release_date": "2019-06-21T08:27:17Z",
"revision_history": [
{
"date": "2019-06-21T08:27:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.12.1.i586",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.i586",
"product_id": "libopenssl0_9_8-0.9.8j-106.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.12.1.s390",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.s390",
"product_id": "libopenssl0_9_8-0.9.8j-106.12.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.12.1.s390x",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.s390x",
"product_id": "libopenssl0_9_8-0.9.8j-106.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"product_id": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 12",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-21T08:27:17Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
WID-SEC-W-2023-1594
Vulnerability from csaf_certbund - Published: 2023-06-28 22:00 - Updated: 2023-06-28 22:00Summary
IBM Tivoli Network Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1594 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1594 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/885316"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/884276"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883428"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883424"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882926"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882898"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882888"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880403"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880401"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880395"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879855"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879841"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870546"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870526"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870508"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870504"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870500"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870498"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/743933"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739297"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739271"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739249"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739247"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739245"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739243"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/738231"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/731931"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730883"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730871"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730845"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730835"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730171"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720307"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720283"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720265"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/718745"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717345"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717335"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717327"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717007"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/716573"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712213"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712199"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/570557"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569765"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569727"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569717"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/305321"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304091"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304089"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303663"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303657"
}
],
"source_lang": "en-US",
"title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-28T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:31.776+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1594",
"initial_release_date": "2023-06-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product_id": "T028343",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product_id": "T028344",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product_id": "T028345",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product_id": "T028346",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product_id": "T028347",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product_id": "T028348",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product_id": "T028349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-4046",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4046"
},
{
"cve": "CVE-2019-4030",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4030"
},
{
"cve": "CVE-2019-2684",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2684"
},
{
"cve": "CVE-2019-2602",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2602"
},
{
"cve": "CVE-2019-2537",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2537"
},
{
"cve": "CVE-2019-2534",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2534"
},
{
"cve": "CVE-2019-2531",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2531"
},
{
"cve": "CVE-2019-2529",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2529"
},
{
"cve": "CVE-2019-2503",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2503"
},
{
"cve": "CVE-2019-2482",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2482"
},
{
"cve": "CVE-2019-2481",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2481"
},
{
"cve": "CVE-2019-2455",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2455"
},
{
"cve": "CVE-2019-1559",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-0220",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-0220"
},
{
"cve": "CVE-2018-8039",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-8039"
},
{
"cve": "CVE-2018-5407",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2018-3282",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3282"
},
{
"cve": "CVE-2018-3278",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3278"
},
{
"cve": "CVE-2018-3276",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3276"
},
{
"cve": "CVE-2018-3251",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3251"
},
{
"cve": "CVE-2018-3247",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3247"
},
{
"cve": "CVE-2018-3174",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3174"
},
{
"cve": "CVE-2018-3156",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3156"
},
{
"cve": "CVE-2018-3143",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3143"
},
{
"cve": "CVE-2018-3123",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3123"
},
{
"cve": "CVE-2018-3084",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3084"
},
{
"cve": "CVE-2018-3082",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3082"
},
{
"cve": "CVE-2018-3081",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3081"
},
{
"cve": "CVE-2018-3080",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3080"
},
{
"cve": "CVE-2018-3079",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3079"
},
{
"cve": "CVE-2018-3078",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3078"
},
{
"cve": "CVE-2018-3077",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3077"
},
{
"cve": "CVE-2018-3075",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3075"
},
{
"cve": "CVE-2018-3074",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3074"
},
{
"cve": "CVE-2018-3073",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3073"
},
{
"cve": "CVE-2018-3071",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3071"
},
{
"cve": "CVE-2018-3070",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3070"
},
{
"cve": "CVE-2018-3067",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3067"
},
{
"cve": "CVE-2018-3066",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3066"
},
{
"cve": "CVE-2018-3065",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3065"
},
{
"cve": "CVE-2018-3064",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3064"
},
{
"cve": "CVE-2018-3063",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3063"
},
{
"cve": "CVE-2018-3062",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3062"
},
{
"cve": "CVE-2018-3061",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3061"
},
{
"cve": "CVE-2018-3060",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3060"
},
{
"cve": "CVE-2018-3058",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3058"
},
{
"cve": "CVE-2018-3056",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3056"
},
{
"cve": "CVE-2018-3054",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3054"
},
{
"cve": "CVE-2018-2877",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2877"
},
{
"cve": "CVE-2018-2846",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2846"
},
{
"cve": "CVE-2018-2839",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2839"
},
{
"cve": "CVE-2018-2819",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2819"
},
{
"cve": "CVE-2018-2818",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2818"
},
{
"cve": "CVE-2018-2817",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2817"
},
{
"cve": "CVE-2018-2816",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2816"
},
{
"cve": "CVE-2018-2813",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2813"
},
{
"cve": "CVE-2018-2812",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2812"
},
{
"cve": "CVE-2018-2810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2810"
},
{
"cve": "CVE-2018-2805",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2805"
},
{
"cve": "CVE-2018-2787",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2787"
},
{
"cve": "CVE-2018-2786",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2786"
},
{
"cve": "CVE-2018-2784",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2784"
},
{
"cve": "CVE-2018-2782",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2782"
},
{
"cve": "CVE-2018-2781",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2781"
},
{
"cve": "CVE-2018-2780",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2780"
},
{
"cve": "CVE-2018-2779",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2779"
},
{
"cve": "CVE-2018-2778",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2778"
},
{
"cve": "CVE-2018-2777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2777"
},
{
"cve": "CVE-2018-2776",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2776"
},
{
"cve": "CVE-2018-2775",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2775"
},
{
"cve": "CVE-2018-2773",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2773"
},
{
"cve": "CVE-2018-2771",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2771"
},
{
"cve": "CVE-2018-2769",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2769"
},
{
"cve": "CVE-2018-2766",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2766"
},
{
"cve": "CVE-2018-2762",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2762"
},
{
"cve": "CVE-2018-2761",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2761"
},
{
"cve": "CVE-2018-2759",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2759"
},
{
"cve": "CVE-2018-2758",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2758"
},
{
"cve": "CVE-2018-2755",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2755"
},
{
"cve": "CVE-2018-2598",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2598"
},
{
"cve": "CVE-2018-1996",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1996"
},
{
"cve": "CVE-2018-1926",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1926"
},
{
"cve": "CVE-2018-1904",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1904"
},
{
"cve": "CVE-2018-1902",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1902"
},
{
"cve": "CVE-2018-1901",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1901"
},
{
"cve": "CVE-2018-1798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1798"
},
{
"cve": "CVE-2018-1797",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1797"
},
{
"cve": "CVE-2018-1794",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1794"
},
{
"cve": "CVE-2018-1793",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1793"
},
{
"cve": "CVE-2018-1777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1777"
},
{
"cve": "CVE-2018-1770",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1770"
},
{
"cve": "CVE-2018-1767",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1767"
},
{
"cve": "CVE-2018-1719",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1719"
},
{
"cve": "CVE-2018-1695",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1695"
},
{
"cve": "CVE-2018-1656",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1656"
},
{
"cve": "CVE-2018-1643",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1643"
},
{
"cve": "CVE-2018-1621",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1621"
},
{
"cve": "CVE-2018-1614",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1614"
},
{
"cve": "CVE-2018-1567",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1567"
},
{
"cve": "CVE-2018-1447",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1447"
},
{
"cve": "CVE-2018-1428",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1428"
},
{
"cve": "CVE-2018-1427",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1427"
},
{
"cve": "CVE-2018-1426",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1426"
},
{
"cve": "CVE-2018-1301",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-12539",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-12539"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-0734",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2017-9798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-9798"
},
{
"cve": "CVE-2017-3738",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3738"
},
{
"cve": "CVE-2017-3737",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3737"
},
{
"cve": "CVE-2017-3736",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3736"
},
{
"cve": "CVE-2017-3735",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2017-3732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3732"
},
{
"cve": "CVE-2017-1743",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1743"
},
{
"cve": "CVE-2017-1741",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1741"
},
{
"cve": "CVE-2017-1731",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1731"
},
{
"cve": "CVE-2017-1681",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1681"
},
{
"cve": "CVE-2017-15715",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2017-15710",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-12624",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12624"
},
{
"cve": "CVE-2017-12618",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12618"
},
{
"cve": "CVE-2017-12613",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12613"
},
{
"cve": "CVE-2016-0705",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0705"
},
{
"cve": "CVE-2016-0702",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0702"
},
{
"cve": "CVE-2016-0701",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0701"
},
{
"cve": "CVE-2015-0899",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2015-0899"
},
{
"cve": "CVE-2014-7810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2014-7810"
},
{
"cve": "CVE-2012-5783",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2012-5783"
}
]
}
WID-SEC-W-2023-2946
Vulnerability from csaf_certbund - Published: 2020-01-14 23:00 - Updated: 2023-11-16 23:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Verfügbarkeit, Vertraulichkeit und Integrität zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2946 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2946.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2946 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2946"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2023-11-16",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2020 vom 2020-01-14",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html#AppendixFMW"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2113 vom 2020-05-12",
"url": "https://access.redhat.com/errata/RHSA-2020:2113"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-11-16T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:01:46.461+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2946",
"initial_release_date": "2020-01-14T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-01-14T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-05-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-16T23:00:00.000+00:00",
"number": "3",
"summary": "Exploit-Hinweis f\u00fcr CVE-2020-2551 aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Fusion Middleware",
"product": {
"name": "Oracle Fusion Middleware",
"product_id": "T006198",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12626",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2017-12626"
},
{
"cve": "CVE-2018-8032",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2018-8032"
},
{
"cve": "CVE-2019-0227",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2019-0227"
},
{
"cve": "CVE-2019-10246",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2019-10246"
},
{
"cve": "CVE-2019-10247",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2019-10247"
},
{
"cve": "CVE-2019-12415",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2019-12415"
},
{
"cve": "CVE-2019-1559",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-17359",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2019-17359"
},
{
"cve": "CVE-2020-2519",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2519"
},
{
"cve": "CVE-2020-2530",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2530"
},
{
"cve": "CVE-2020-2531",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2531"
},
{
"cve": "CVE-2020-2533",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2533"
},
{
"cve": "CVE-2020-2534",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2534"
},
{
"cve": "CVE-2020-2535",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2535"
},
{
"cve": "CVE-2020-2536",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2536"
},
{
"cve": "CVE-2020-2537",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2537"
},
{
"cve": "CVE-2020-2538",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2538"
},
{
"cve": "CVE-2020-2539",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2539"
},
{
"cve": "CVE-2020-2540",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2540"
},
{
"cve": "CVE-2020-2541",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2541"
},
{
"cve": "CVE-2020-2542",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2542"
},
{
"cve": "CVE-2020-2543",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2543"
},
{
"cve": "CVE-2020-2544",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2544"
},
{
"cve": "CVE-2020-2545",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2545"
},
{
"cve": "CVE-2020-2546",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2546"
},
{
"cve": "CVE-2020-2547",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2547"
},
{
"cve": "CVE-2020-2548",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2548"
},
{
"cve": "CVE-2020-2549",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2549"
},
{
"cve": "CVE-2020-2550",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2550"
},
{
"cve": "CVE-2020-2551",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2551"
},
{
"cve": "CVE-2020-2552",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2552"
},
{
"cve": "CVE-2020-2555",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2555"
},
{
"cve": "CVE-2020-2576",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2576"
},
{
"cve": "CVE-2020-2728",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2728"
},
{
"cve": "CVE-2020-2729",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-2729"
},
{
"cve": "CVE-2020-6950",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Identity Manager, Oracle Big Data Discovery, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle HTTP Server, Oracle Outside In Technology, Oracle Reports Developer, Oracle Security Service, Oracle Tuxedo, Oracle WebCenter Sites und Oracle WebLogic Server. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"67646",
"T006198"
]
},
"release_date": "2020-01-14T23:00:00.000+00:00",
"title": "CVE-2020-6950"
}
]
}
WID-SEC-W-2022-0462
Vulnerability from csaf_certbund - Published: 2019-02-26 23:00 - Updated: 2024-06-03 22:00Summary
OpenSSL: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Appliance
- F5 Networks
- Juniper Appliance
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- F5 Networks\n- Juniper Appliance\n- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0462 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-0462.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0462 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0462"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory vom 2019-02-26",
"url": "http://www.openssl.org/news/secadv/20190226.txt"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3899-1 vom 2019-02-27",
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4400-1 vom 2019-02-28",
"url": "https://lists.debian.org/debian-security-announce/2019/msg00043.html"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201903-2 vom 2019-03-02",
"url": "https://security.archlinux.org/ASA-201903-2"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201903-6 vom 2019-03-03",
"url": "https://security.archlinux.org/ASA-201903-6"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20190301-0002 vom 2019-03-04",
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0572-1 vom 2019-03-09",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190572-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0600-1 vom 2019-03-13",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190600-1.html"
},
{
"category": "external",
"summary": "Meinberg Security Advisory MBGSA-1901",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-1901-ntp-und-openssl-fuer-lantime-firmware-und-ntp-fuer-windows.htm"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0818-1 vom 2019-03-30",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190818-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1362-1 vom 2019-05-28",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191362-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14092-1 vom 2019-06-19",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914092-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:14091-1 vom 2019-06-19",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914091-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1553-1 vom 2019-06-19",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1608-1 vom 2019-06-21",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191608-1.html"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA10949 vom 2019-07-10",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10949"
},
{
"category": "external",
"summary": "Xerox Mini Bulletin XRX19P",
"url": "https://security.business.xerox.com/wp-content/uploads/2019/07/cert_Security_Mini_Bulletin_XRX19P_for_P3330.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2304 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2439 vom 2019-08-12",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2437 vom 2019-08-12",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2471 vom 2019-08-13",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2471 vom 2019-08-14",
"url": "http://linux.oracle.com/errata/ELSA-2019-2471.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4747 vom 2019-08-16",
"url": "http://linux.oracle.com/errata/ELSA-2019-4747.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:2471 vom 2019-08-16",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2471-Moderate-CentOS-6-openssl-Security-Update-tp4645643.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4754 vom 2019-08-19",
"url": "http://linux.oracle.com/errata/ELSA-2019-4754.html"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993"
},
{
"category": "external",
"summary": "Xerox Mini Bulletin XRX19T vom 2019-08-23",
"url": "https://security.business.xerox.com/wp-content/uploads/2019/08/Security-Mini-Bulletin-XRX19T-WorkCentre-4265.pdf"
},
{
"category": "external",
"summary": "F5 Security Advisory K18549143 vom 2019-08-27",
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3931 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3929 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "external",
"summary": "PaloAlto Security Advisory",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/202"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9150 vom 2021-04-01",
"url": "https://linux.oracle.com/errata/ELSA-2021-9150.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9121 vom 2021-04-06",
"url": "https://linux.oracle.com/errata/ELSA-2021-9121.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9272 vom 2022-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2022-9272.html"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2022-765 vom 2022-06-24",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-765"
},
{
"category": "external",
"summary": "Dell Knowledge Base Article",
"url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "SolarWinds Platform 2024.2 release notes vom 2024-06-04",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-06-03T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:29:18.249+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0462",
"initial_release_date": "2019-02-26T23:00:00.000+00:00",
"revision_history": [
{
"date": "2019-02-26T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-02-27T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-02-28T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-03-03T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Arch Linux und NetApp aufgenommen"
},
{
"date": "2019-03-10T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-03-13T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-03-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2019-03-20T23:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: SUSE-SU-2019:0658-1"
},
{
"date": "2019-03-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-05-28T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-06-18T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-06-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-07-10T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2019-07-22T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2019-08-06T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-08-12T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-08-13T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2019-08-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux und CentOS aufgenommen"
},
{
"date": "2019-08-19T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-08-26T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2019-08-27T22:00:00.000+00:00",
"number": "21",
"summary": "Advisory von F5 aufgenommen"
},
{
"date": "2019-09-10T22:00:00.000+00:00",
"number": "22",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-9A0A7C0986, FEDORA-2019-00C25B9379"
},
{
"date": "2019-09-11T22:00:00.000+00:00",
"number": "23",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-DB06EFDEA1"
},
{
"date": "2019-11-20T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-12-04T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Palo Alto Networks aufgenommen"
},
{
"date": "2020-01-12T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2021-03-31T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-04-06T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-04-10T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-06-26T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "32"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv2.2.0.2",
"product": {
"name": "Broadcom Brocade SANnav \u003cv2.2.0.2",
"product_id": "T023628"
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.10",
"product": {
"name": "Dell NetWorker \u003c19.10",
"product_id": "T032354"
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
},
{
"category": "product_name",
"name": "F5 WebAccelerator",
"product": {
"name": "F5 WebAccelerator",
"product_id": "T001411",
"product_identification_helper": {
"cpe": "cpe:/h:f5:big-ip_webaccelerator:10.2.4"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.4R1",
"product": {
"name": "Juniper Junos Space \u003c19.4R1",
"product_id": "T015663"
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.24.021",
"product": {
"name": "Meinberg LANTIME \u003c6.24.021",
"product_id": "T013789"
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
},
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.0.2r",
"product": {
"name": "Open Source OpenSSL \u003c1.0.2r",
"product_id": "9605"
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "PaloAlto Networks PAN-OS",
"product": {
"name": "PaloAlto Networks PAN-OS",
"product_id": "200814",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:3.1.10"
}
}
}
],
"category": "vendor",
"name": "PaloAlto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2024.2",
"product": {
"name": "SolarWinds Platform \u003c2024.2",
"product_id": "T035149"
}
}
],
"category": "product_name",
"name": "Platform"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "4265",
"product": {
"name": "Xerox WorkCentre 4265",
"product_id": "T005185",
"product_identification_helper": {
"cpe": "cpe:/h:xerox:workcentre:4265"
}
}
}
],
"category": "product_name",
"name": "WorkCentre"
}
],
"category": "vendor",
"name": "Xerox"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.2.8p13",
"product": {
"name": "Meinberg NTP fuer Windows \u003c4.2.8p13",
"product_id": "T013790"
}
}
],
"category": "product_name",
"name": "ntp"
}
],
"category": "vendor",
"name": "meinberg"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler beim Beenden einer fehlerhaften TCP Verbindung. Ein Angreifer kann kann dieses nutzen und Daten entschl\u00fcsseln. Die Nutzung von \"non-stitched\" Ciphersuites ist Voraussetzung f\u00fcr einen erfolgreichen Angriff. OpenSSL 1.1.1 oder 1.1.0 sind von dieser Schwachstelle nicht betroffen."
}
],
"product_status": {
"known_affected": [
"T035149",
"200814",
"67646",
"T013312",
"T004914",
"T032354",
"2951",
"T002207",
"T000126",
"9605",
"T001411",
"5930",
"T001663",
"1727",
"T005185"
]
},
"release_date": "2019-02-26T23:00:00.000+00:00",
"title": "CVE-2019-1559"
}
]
}
OPENSUSE-SU-2024:11126-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media
Notes
Title of the patch
libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media
Description of the patch
These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2u-6.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11126
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2u-6.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11126",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11126-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-2937 page",
"url": "https://www.suse.com/security/cve/CVE-2006-2937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-2940 page",
"url": "https://www.suse.com/security/cve/CVE-2006-2940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-3738 page",
"url": "https://www.suse.com/security/cve/CVE-2006-3738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-4339 page",
"url": "https://www.suse.com/security/cve/CVE-2006-4339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-4343 page",
"url": "https://www.suse.com/security/cve/CVE-2006-4343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3108 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5135 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0891 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1672 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7055 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7056 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3731 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3732 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3735 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3736 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3737 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3738 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0732 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0737 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1547 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1551 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1551/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1563 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23840 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23841 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3712 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3712/"
}
],
"title": "libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11126-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl10-1.0.2u-6.2.aarch64",
"product_id": "libopenssl10-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.aarch64",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.aarch64",
"product_id": "openssl-1_0_0-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl10-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl10-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.ppc64le",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.ppc64le",
"product_id": "openssl-1_0_0-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl10-1.0.2u-6.2.s390x",
"product_id": "libopenssl10-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.s390x",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.s390x",
"product_id": "openssl-1_0_0-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl10-1.0.2u-6.2.x86_64",
"product_id": "libopenssl10-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.x86_64",
"product_id": "openssl-1_0_0-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl10-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl10-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl10-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl10-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-2937"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-2937",
"url": "https://www.suse.com/security/cve/CVE-2006-2937"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-2937",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-2937",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-2937",
"url": "https://bugzilla.suse.com/215623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-2937"
},
{
"cve": "CVE-2006-2940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-2940"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-2940",
"url": "https://www.suse.com/security/cve/CVE-2006-2940"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 208971 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/208971"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/215623"
},
{
"category": "external",
"summary": "SUSE Bug 223040 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/223040"
},
{
"category": "external",
"summary": "SUSE Bug 992991 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/992991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-2940"
},
{
"cve": "CVE-2006-3738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-3738"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-3738",
"url": "https://www.suse.com/security/cve/CVE-2006-3738"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-3738",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-3738",
"url": "https://bugzilla.suse.com/215623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2006-3738"
},
{
"cve": "CVE-2006-4339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-4339"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-4339",
"url": "https://www.suse.com/security/cve/CVE-2006-4339"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 203595 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/203595"
},
{
"category": "external",
"summary": "SUSE Bug 206636 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/206636"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/215623"
},
{
"category": "external",
"summary": "SUSE Bug 218303 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/218303"
},
{
"category": "external",
"summary": "SUSE Bug 233584 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/233584"
},
{
"category": "external",
"summary": "SUSE Bug 564512 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/564512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-4339"
},
{
"cve": "CVE-2006-4343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-4343"
}
],
"notes": [
{
"category": "general",
"text": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-4343",
"url": "https://www.suse.com/security/cve/CVE-2006-4343"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-4343",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-4343",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-4343",
"url": "https://bugzilla.suse.com/215623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-4343"
},
{
"cve": "CVE-2007-3108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3108"
}
],
"notes": [
{
"category": "general",
"text": "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3108",
"url": "https://www.suse.com/security/cve/CVE-2007-3108"
},
{
"category": "external",
"summary": "SUSE Bug 296511 for CVE-2007-3108",
"url": "https://bugzilla.suse.com/296511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3108"
},
{
"cve": "CVE-2007-5135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5135"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5135",
"url": "https://www.suse.com/security/cve/CVE-2007-5135"
},
{
"category": "external",
"summary": "SUSE Bug 329208 for CVE-2007-5135",
"url": "https://bugzilla.suse.com/329208"
},
{
"category": "external",
"summary": "SUSE Bug 331726 for CVE-2007-5135",
"url": "https://bugzilla.suse.com/331726"
},
{
"category": "external",
"summary": "SUSE Bug 363663 for CVE-2007-5135",
"url": "https://bugzilla.suse.com/363663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-5135"
},
{
"cve": "CVE-2008-0891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0891"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0891",
"url": "https://www.suse.com/security/cve/CVE-2008-0891"
},
{
"category": "external",
"summary": "SUSE Bug 394317 for CVE-2008-0891",
"url": "https://bugzilla.suse.com/394317"
},
{
"category": "external",
"summary": "SUSE Bug 404511 for CVE-2008-0891",
"url": "https://bugzilla.suse.com/404511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0891"
},
{
"cve": "CVE-2008-1672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1672"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular cipher suites,\" which triggers a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1672",
"url": "https://www.suse.com/security/cve/CVE-2008-1672"
},
{
"category": "external",
"summary": "SUSE Bug 394317 for CVE-2008-1672",
"url": "https://bugzilla.suse.com/394317"
},
{
"category": "external",
"summary": "SUSE Bug 404511 for CVE-2008-1672",
"url": "https://bugzilla.suse.com/404511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1672"
},
{
"cve": "CVE-2016-7055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7055"
}
],
"notes": [
{
"category": "general",
"text": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7055",
"url": "https://www.suse.com/security/cve/CVE-2016-7055"
},
{
"category": "external",
"summary": "SUSE Bug 1009528 for CVE-2016-7055",
"url": "https://bugzilla.suse.com/1009528"
},
{
"category": "external",
"summary": "SUSE Bug 1021641 for CVE-2016-7055",
"url": "https://bugzilla.suse.com/1021641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2016-7055"
},
{
"cve": "CVE-2016-7056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7056"
}
],
"notes": [
{
"category": "general",
"text": "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7056",
"url": "https://www.suse.com/security/cve/CVE-2016-7056"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-7056",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1019334 for CVE-2016-7056",
"url": "https://bugzilla.suse.com/1019334"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-7056",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-7056"
},
{
"cve": "CVE-2017-3731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3731"
}
],
"notes": [
{
"category": "general",
"text": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3731",
"url": "https://www.suse.com/security/cve/CVE-2017-3731"
},
{
"category": "external",
"summary": "SUSE Bug 1021641 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1021641"
},
{
"category": "external",
"summary": "SUSE Bug 1022085 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1022085"
},
{
"category": "external",
"summary": "SUSE Bug 1064118 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1064118"
},
{
"category": "external",
"summary": "SUSE Bug 1064119 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1064119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3731"
},
{
"cve": "CVE-2017-3732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3732"
}
],
"notes": [
{
"category": "general",
"text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3732",
"url": "https://www.suse.com/security/cve/CVE-2017-3732"
},
{
"category": "external",
"summary": "SUSE Bug 1021641 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1021641"
},
{
"category": "external",
"summary": "SUSE Bug 1022086 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1022086"
},
{
"category": "external",
"summary": "SUSE Bug 1049418 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1049418"
},
{
"category": "external",
"summary": "SUSE Bug 1049421 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1049421"
},
{
"category": "external",
"summary": "SUSE Bug 1049422 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1049422"
},
{
"category": "external",
"summary": "SUSE Bug 1066242 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1066242"
},
{
"category": "external",
"summary": "SUSE Bug 1071906 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1071906"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/957814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-3732"
},
{
"cve": "CVE-2017-3735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3735"
}
],
"notes": [
{
"category": "general",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3735",
"url": "https://www.suse.com/security/cve/CVE-2017-3735"
},
{
"category": "external",
"summary": "SUSE Bug 1056058 for CVE-2017-3735",
"url": "https://bugzilla.suse.com/1056058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2017-3736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3736"
}
],
"notes": [
{
"category": "general",
"text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3736",
"url": "https://www.suse.com/security/cve/CVE-2017-3736"
},
{
"category": "external",
"summary": "SUSE Bug 1066242 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/1066242"
},
{
"category": "external",
"summary": "SUSE Bug 1071906 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/1071906"
},
{
"category": "external",
"summary": "SUSE Bug 1076369 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/1076369"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/957814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3736"
},
{
"cve": "CVE-2017-3737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3737"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3737",
"url": "https://www.suse.com/security/cve/CVE-2017-3737"
},
{
"category": "external",
"summary": "SUSE Bug 1071905 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1071905"
},
{
"category": "external",
"summary": "SUSE Bug 1072322 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1072322"
},
{
"category": "external",
"summary": "SUSE Bug 1076369 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1076369"
},
{
"category": "external",
"summary": "SUSE Bug 1089987 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1089987"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3737"
},
{
"cve": "CVE-2017-3738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3738"
}
],
"notes": [
{
"category": "general",
"text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3738",
"url": "https://www.suse.com/security/cve/CVE-2017-3738"
},
{
"category": "external",
"summary": "SUSE Bug 1071906 for CVE-2017-3738",
"url": "https://bugzilla.suse.com/1071906"
},
{
"category": "external",
"summary": "SUSE Bug 1097757 for CVE-2017-3738",
"url": "https://bugzilla.suse.com/1097757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-3738"
},
{
"cve": "CVE-2018-0732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0732"
}
],
"notes": [
{
"category": "general",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0732",
"url": "https://www.suse.com/security/cve/CVE-2018-0732"
},
{
"category": "external",
"summary": "SUSE Bug 1077628 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1077628"
},
{
"category": "external",
"summary": "SUSE Bug 1097158 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "external",
"summary": "SUSE Bug 1099502 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1099502"
},
{
"category": "external",
"summary": "SUSE Bug 1106692 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1106692"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1110163 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1110163"
},
{
"category": "external",
"summary": "SUSE Bug 1112097 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1112097"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0737"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0737",
"url": "https://www.suse.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "SUSE Bug 1089039 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "external",
"summary": "SUSE Bug 1089041 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089041"
},
{
"category": "external",
"summary": "SUSE Bug 1089044 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089044"
},
{
"category": "external",
"summary": "SUSE Bug 1089045 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089045"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1123780 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1123780"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2019-1547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1547"
}
],
"notes": [
{
"category": "general",
"text": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1547",
"url": "https://www.suse.com/security/cve/CVE-2019-1547"
},
{
"category": "external",
"summary": "SUSE Bug 1150003 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1150003"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1154162"
},
{
"category": "external",
"summary": "SUSE Bug 1154166 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1154166"
},
{
"category": "external",
"summary": "SUSE Bug 1156430 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1156430"
},
{
"category": "external",
"summary": "SUSE Bug 1161085 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1161085"
},
{
"category": "external",
"summary": "SUSE Bug 1205621 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1205621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-1547"
},
{
"cve": "CVE-2019-1551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1551"
}
],
"notes": [
{
"category": "general",
"text": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1551",
"url": "https://www.suse.com/security/cve/CVE-2019-1551"
},
{
"category": "external",
"summary": "SUSE Bug 1158809 for CVE-2019-1551",
"url": "https://bugzilla.suse.com/1158809"
},
{
"category": "external",
"summary": "SUSE Bug 1205621 for CVE-2019-1551",
"url": "https://bugzilla.suse.com/1205621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-1551"
},
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-1563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1563"
}
],
"notes": [
{
"category": "general",
"text": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1563",
"url": "https://www.suse.com/security/cve/CVE-2019-1563"
},
{
"category": "external",
"summary": "SUSE Bug 1150250 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1150250"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1154162"
},
{
"category": "external",
"summary": "SUSE Bug 1156430 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1156430"
},
{
"category": "external",
"summary": "SUSE Bug 1205621 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1205621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-1563"
},
{
"cve": "CVE-2021-23840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23840"
}
],
"notes": [
{
"category": "general",
"text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23840",
"url": "https://www.suse.com/security/cve/CVE-2021-23840"
},
{
"category": "external",
"summary": "SUSE Bug 1182333 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1182333"
},
{
"category": "external",
"summary": "SUSE Bug 1187743 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1187743"
},
{
"category": "external",
"summary": "SUSE Bug 1214334 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1214334"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23840"
},
{
"cve": "CVE-2021-23841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23841"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23841",
"url": "https://www.suse.com/security/cve/CVE-2021-23841"
},
{
"category": "external",
"summary": "SUSE Bug 1182331 for CVE-2021-23841",
"url": "https://bugzilla.suse.com/1182331"
},
{
"category": "external",
"summary": "SUSE Bug 1187743 for CVE-2021-23841",
"url": "https://bugzilla.suse.com/1187743"
},
{
"category": "external",
"summary": "SUSE Bug 1214334 for CVE-2021-23841",
"url": "https://bugzilla.suse.com/1214334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23841"
},
{
"cve": "CVE-2021-3712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3712"
}
],
"notes": [
{
"category": "general",
"text": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3712",
"url": "https://www.suse.com/security/cve/CVE-2021-3712"
},
{
"category": "external",
"summary": "SUSE Bug 1189521 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1189521"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1191640 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1191640"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1192787 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192787"
},
{
"category": "external",
"summary": "SUSE Bug 1194948 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1194948"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3712"
}
]
}
OPENSUSE-SU-2019:1105-1
Vulnerability from csaf_opensuse - Published: 2019-04-02 10:59 - Updated: 2019-04-02 10:59Summary
Security update for openssl-1_0_0
Notes
Title of the patch
Security update for openssl-1_0_0
Description of the patch
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-1105
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_0_0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_0_0 fixes the following issues:\n\nSecurity issues fixed: \n\n- The 9 Lives of Bleichenbacher\u0027s CAT: Cache Attacks on TLS Implementations (bsc#1117951)\n- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances\n a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1105",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1105-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1105-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BABYTFKK6BZ5GQXJED77GCUO2MDMDYO3/#BABYTFKK6BZ5GQXJED77GCUO2MDMDYO3"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1105-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BABYTFKK6BZ5GQXJED77GCUO2MDMDYO3/#BABYTFKK6BZ5GQXJED77GCUO2MDMDYO3"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl-1_0_0",
"tracking": {
"current_release_date": "2019-04-02T10:59:55Z",
"generator": {
"date": "2019-04-02T10:59:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1105-1",
"initial_release_date": "2019-04-02T10:59:55Z",
"revision_history": [
{
"date": "2019-04-02T10:59:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586",
"product_id": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-lp150.2.13.1.i586",
"product": {
"name": "openssl-1_0_0-1.0.2p-lp150.2.13.1.i586",
"product_id": "openssl-1_0_0-1.0.2p-lp150.2.13.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586",
"product_id": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch",
"product": {
"name": "openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch",
"product_id": "openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64",
"product_id": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586"
},
"product_reference": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-lp150.2.13.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.i586"
},
"product_reference": "openssl-1_0_0-1.0.2p-lp150.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch"
},
"product_reference": "openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl-1_0_0-devel-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:libopenssl1_0_0-hmac-32bit-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:openssl-1_0_0-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.i586",
"openSUSE Leap 15.0:openssl-1_0_0-cavs-1.0.2p-lp150.2.13.1.x86_64",
"openSUSE Leap 15.0:openssl-1_0_0-doc-1.0.2p-lp150.2.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-02T10:59:55Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
OPENSUSE-SU-2019:1432-1
Vulnerability from csaf_opensuse - Published: 2019-05-21 16:26 - Updated: 2019-05-21 16:26Summary
Security update for openssl-1_0_0
Notes
Title of the patch
Security update for openssl-1_0_0
Description of the patch
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-1432
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_0_0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_0_0 fixes the following issues:\n\nSecurity issues fixed: \n\n- The 9 Lives of Bleichenbacher\u0027s CAT: Cache Attacks on TLS Implementations (bsc#1117951)\n- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances\n a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1432",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1432-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1432-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJYXWE62KKD5ASTWGRAR5B66BQCUHX6D/#PJYXWE62KKD5ASTWGRAR5B66BQCUHX6D"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1432-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJYXWE62KKD5ASTWGRAR5B66BQCUHX6D/#PJYXWE62KKD5ASTWGRAR5B66BQCUHX6D"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl-1_0_0",
"tracking": {
"current_release_date": "2019-05-21T16:26:12Z",
"generator": {
"date": "2019-05-21T16:26:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1432-1",
"initial_release_date": "2019-05-21T16:26:12Z",
"revision_history": [
{
"date": "2019-05-21T16:26:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586",
"product_id": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-lp151.5.3.1.i586",
"product": {
"name": "openssl-1_0_0-1.0.2p-lp151.5.3.1.i586",
"product_id": "openssl-1_0_0-1.0.2p-lp151.5.3.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586",
"product_id": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch",
"product": {
"name": "openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch",
"product_id": "openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64",
"product_id": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586"
},
"product_reference": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.i586"
},
"product_reference": "openssl-1_0_0-1.0.2p-lp151.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch"
},
"product_reference": "openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:openssl-1_0_0-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.i586",
"openSUSE Leap 15.1:openssl-1_0_0-cavs-1.0.2p-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:openssl-1_0_0-doc-1.0.2p-lp151.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-21T16:26:12Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
RHSA-2019:3931
Vulnerability from csaf_redhat - Published: 2019-11-20 16:04 - Updated: 2025-11-21 18:11Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Notes
Topic
Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.
Security Fix(es):
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* tomcat: XSS in SSI printenv (CVE-2019-0221)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)
* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n \nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) \n* tomcat: XSS in SSI printenv (CVE-2019-0221) \n* openssl: 0-byte record padding oracle (CVE-2019-1559) \n* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3931",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
"tracking": {
"current_release_date": "2025-11-21T18:11:20+00:00",
"generator": {
"date": "2025-11-21T18:11:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:3931",
"initial_release_date": "2019-11-20T16:04:24+00:00",
"revision_history": [
{
"date": "2019-11-20T16:04:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-02T16:22:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:11:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5",
"product": {
"name": "Red Hat JBoss Web Server 5",
"product_id": "Red Hat JBoss Web Server 5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2019-0199",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat HTTP/2 DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0199"
},
{
"category": "external",
"summary": "RHBZ#1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
}
],
"release_date": "2019-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat HTTP/2 DoS"
},
{
"cve": "CVE-2019-0221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713275"
}
],
"notes": [
{
"category": "description",
"text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: XSS in SSI printenv",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0221"
},
{
"category": "external",
"summary": "RHBZ#1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
}
],
"release_date": "2019-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: XSS in SSI printenv"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10072",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723708"
}
],
"notes": [
{
"category": "description",
"text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10072"
},
{
"category": "external",
"summary": "RHBZ#1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
}
]
}
RHSA-2019:2437
Vulnerability from csaf_redhat - Published: 2019-08-12 11:56 - Updated: 2025-11-21 18:09Summary
Red Hat Security Advisory: Red Hat Virtualization security update
Notes
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ#1711193, BZ#1717250, BZ#1726917)
Security Fix(es):
* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)
* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)
* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)
* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ#1711193, BZ#1717250, BZ#1726917)\n\nSecurity Fix(es):\n\n* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)\n\n* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)\n\n* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2437",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1640820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820"
},
{
"category": "external",
"summary": "1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1687920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687920"
},
{
"category": "external",
"summary": "1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "external",
"summary": "1702223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702223"
},
{
"category": "external",
"summary": "1709829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709829"
},
{
"category": "external",
"summary": "1718388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718388"
},
{
"category": "external",
"summary": "1720156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720156"
},
{
"category": "external",
"summary": "1720160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720160"
},
{
"category": "external",
"summary": "1720310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720310"
},
{
"category": "external",
"summary": "1720434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720434"
},
{
"category": "external",
"summary": "1720435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720435"
},
{
"category": "external",
"summary": "1720436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720436"
},
{
"category": "external",
"summary": "1724044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724044"
},
{
"category": "external",
"summary": "1726534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1726534"
},
{
"category": "external",
"summary": "1727007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1727007"
},
{
"category": "external",
"summary": "1727859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1727859"
},
{
"category": "external",
"summary": "1728998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728998"
},
{
"category": "external",
"summary": "1729023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1729023"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2437.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization security update",
"tracking": {
"current_release_date": "2025-11-21T18:09:44+00:00",
"generator": {
"date": "2025-11-21T18:09:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:2437",
"initial_release_date": "2019-08-12T11:56:35+00:00",
"revision_history": [
{
"date": "2019-08-12T11:56:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-12T11:56:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.3.5-2.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"product": {
"name": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_id": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-imgbased@1.1.9-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"product": {
"name": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_id": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.1.9-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product": {
"name": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_id": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ovirt-node-ng-nodectl@4.3.5-0.20190717.0.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product": {
"name": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_id": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-node-ng-nodectl@4.3.5-0.20190717.0.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.3.5-20190722.0.el7_7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3.5-2.el7ev?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"product_id": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3.5-2.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.1.9-0.1.el7ev.src",
"product": {
"name": "imgbased-0:1.1.9-0.1.el7ev.src",
"product_id": "imgbased-0:1.1.9-0.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.1.9-0.1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"product": {
"name": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"product_id": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-node-ng@4.3.5-0.20190717.0.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"product": {
"name": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"product_id": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.3.5-20190722.0.el7_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src"
},
"product_reference": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.1.9-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch"
},
"product_reference": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.1.9-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src"
},
"product_reference": "imgbased-0:1.1.9-0.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src"
},
"product_reference": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch"
},
"product_reference": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-imgbased-0:1.1.9-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch"
},
"product_reference": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch"
},
"product_reference": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16838",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2018-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1640820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sssd: improper implementation of GPOs due to too restrictive permissions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16838"
},
{
"category": "external",
"summary": "RHBZ#1640820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16838",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16838"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16838",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16838"
}
],
"release_date": "2019-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "sssd: improper implementation of GPOs due to too restrictive permissions"
},
{
"acknowledgments": [
{
"names": [
"Joel Miller"
],
"organization": "Pennsylvania Higher Education Assistance Agency"
}
],
"cve": "CVE-2018-16881",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1658366"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16881"
},
{
"category": "external",
"summary": "RHBZ#1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "workaround",
"details": "This vulnerability requires the \"imptcp\" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled"
},
{
"cve": "CVE-2019-0161",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694065"
}
],
"notes": [
{
"category": "description",
"text": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: stack overflow in XHCI causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0161"
},
{
"category": "external",
"summary": "RHBZ#1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
}
],
"release_date": "2018-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: stack overflow in XHCI causing denial of service"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10139",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1709829"
}
],
"notes": [
{
"category": "description",
"text": "During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10139"
},
{
"category": "external",
"summary": "RHBZ#1709829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10139"
}
],
"release_date": "2019-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment"
},
{
"acknowledgments": [
{
"names": [
"Riccardo Schirone"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10160",
"cwe": {
"id": "CWE-172",
"name": "Encoding Error"
},
"discovery_date": "2019-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1718388"
}
],
"notes": [
{
"category": "description",
"text": "A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.\n\nThis issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 8 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10160"
},
{
"category": "external",
"summary": "RHBZ#1718388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10160"
},
{
"category": "external",
"summary": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html",
"url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html"
}
],
"release_date": "2019-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc"
}
]
}
RHSA-2019:2304
Vulnerability from csaf_redhat - Published: 2019-08-06 13:42 - Updated: 2025-11-21 18:09Summary
Red Hat Security Advisory: openssl security and bug fix update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2304",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1649568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649568"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2304.json"
}
],
"title": "Red Hat Security Advisory: openssl security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:09:40+00:00",
"generator": {
"date": "2025-11-21T18:09:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:2304",
"initial_release_date": "2019-08-06T13:42:09+00:00",
"revision_history": [
{
"date": "2019-08-06T13:42:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T13:42:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-static-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.i686",
"product_id": "openssl-static-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686",
"product_id": "openssl-devel-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686",
"product_id": "openssl-libs-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.src",
"product": {
"name": "openssl-1:1.0.2k-19.el7.src",
"product_id": "openssl-1:1.0.2k-19.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-perl-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-static-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-devel-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-libs-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.s390",
"product_id": "openssl-static-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390",
"product_id": "openssl-devel-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390",
"product_id": "openssl-libs-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-static-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-static-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-devel-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-libs-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T13:42:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T13:42:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
}
]
}
RHSA-2019:2471
Vulnerability from csaf_redhat - Published: 2019-08-13 15:13 - Updated: 2025-11-21 18:09Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: 0-byte record padding oracle (CVE-2019-1559)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2471",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2471.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2025-11-21T18:09:45+00:00",
"generator": {
"date": "2025-11-21T18:09:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:2471",
"initial_release_date": "2019-08-13T15:13:25+00:00",
"revision_history": [
{
"date": "2019-08-13T15:13:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-13T15:13:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.src",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.src",
"product_id": "openssl-0:1.0.1e-58.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.ppc",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc",
"product_id": "openssl-0:1.0.1e-58.el6_10.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.s390",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.s390",
"product_id": "openssl-0:1.0.1e-58.el6_10.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-13T15:13:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
}
]
}
RHSA-2019_2437
Vulnerability from csaf_redhat - Published: 2019-08-12 11:56 - Updated: 2024-11-15 04:09Summary
Red Hat Security Advisory: Red Hat Virtualization security update
Notes
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ#1711193, BZ#1717250, BZ#1726917)
Security Fix(es):
* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)
* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)
* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)
* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ#1711193, BZ#1717250, BZ#1726917)\n\nSecurity Fix(es):\n\n* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)\n\n* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)\n\n* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2437",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1640820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820"
},
{
"category": "external",
"summary": "1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1687920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687920"
},
{
"category": "external",
"summary": "1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "external",
"summary": "1702223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702223"
},
{
"category": "external",
"summary": "1709829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709829"
},
{
"category": "external",
"summary": "1718388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718388"
},
{
"category": "external",
"summary": "1720156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720156"
},
{
"category": "external",
"summary": "1720160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720160"
},
{
"category": "external",
"summary": "1720310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720310"
},
{
"category": "external",
"summary": "1720434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720434"
},
{
"category": "external",
"summary": "1720435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720435"
},
{
"category": "external",
"summary": "1720436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720436"
},
{
"category": "external",
"summary": "1724044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724044"
},
{
"category": "external",
"summary": "1726534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1726534"
},
{
"category": "external",
"summary": "1727007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1727007"
},
{
"category": "external",
"summary": "1727859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1727859"
},
{
"category": "external",
"summary": "1728998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728998"
},
{
"category": "external",
"summary": "1729023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1729023"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2437.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization security update",
"tracking": {
"current_release_date": "2024-11-15T04:09:09+00:00",
"generator": {
"date": "2024-11-15T04:09:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:2437",
"initial_release_date": "2019-08-12T11:56:35+00:00",
"revision_history": [
{
"date": "2019-08-12T11:56:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-12T11:56:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:09:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.3.5-2.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"product": {
"name": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_id": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-imgbased@1.1.9-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"product": {
"name": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_id": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.1.9-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product": {
"name": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_id": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ovirt-node-ng-nodectl@4.3.5-0.20190717.0.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product": {
"name": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_id": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-node-ng-nodectl@4.3.5-0.20190717.0.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.3.5-20190722.0.el7_7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3.5-2.el7ev?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"product_id": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3.5-2.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.1.9-0.1.el7ev.src",
"product": {
"name": "imgbased-0:1.1.9-0.1.el7ev.src",
"product_id": "imgbased-0:1.1.9-0.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.1.9-0.1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"product": {
"name": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"product_id": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-node-ng@4.3.5-0.20190717.0.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"product": {
"name": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"product_id": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.3.5-20190722.0.el7_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src"
},
"product_reference": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.1.9-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch"
},
"product_reference": "imgbased-0:1.1.9-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.1.9-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src"
},
"product_reference": "imgbased-0:1.1.9-0.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src"
},
"product_reference": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch"
},
"product_reference": "ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-imgbased-0:1.1.9-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch"
},
"product_reference": "python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch"
},
"product_reference": "python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16838",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2018-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1640820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sssd: improper implementation of GPOs due to too restrictive permissions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16838"
},
{
"category": "external",
"summary": "RHBZ#1640820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16838",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16838"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16838",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16838"
}
],
"release_date": "2019-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "sssd: improper implementation of GPOs due to too restrictive permissions"
},
{
"acknowledgments": [
{
"names": [
"Joel Miller"
],
"organization": "Pennsylvania Higher Education Assistance Agency"
}
],
"cve": "CVE-2018-16881",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1658366"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16881"
},
{
"category": "external",
"summary": "RHBZ#1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "workaround",
"details": "This vulnerability requires the \"imptcp\" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled"
},
{
"cve": "CVE-2019-0161",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694065"
}
],
"notes": [
{
"category": "description",
"text": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: stack overflow in XHCI causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0161"
},
{
"category": "external",
"summary": "RHBZ#1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
}
],
"release_date": "2018-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: stack overflow in XHCI causing denial of service"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10139",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1709829"
}
],
"notes": [
{
"category": "description",
"text": "During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10139"
},
{
"category": "external",
"summary": "RHBZ#1709829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10139"
}
],
"release_date": "2019-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment"
},
{
"acknowledgments": [
{
"names": [
"Riccardo Schirone"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10160",
"cwe": {
"id": "CWE-172",
"name": "Encoding Error"
},
"discovery_date": "2019-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1718388"
}
],
"notes": [
{
"category": "description",
"text": "A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.\n\nThis issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 8 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10160"
},
{
"category": "external",
"summary": "RHBZ#1718388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10160"
},
{
"category": "external",
"summary": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html",
"url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html"
}
],
"release_date": "2019-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:56:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.5-20190722.0.el7_7.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.5-20190722.0.el7_7.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.9-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.9-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.5-0.20190717.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.5-2.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.5-2.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc"
}
]
}
RHBA-2020:0547
Vulnerability from csaf_redhat - Published: 2020-02-18 15:13 - Updated: 2025-11-25 18:21Summary
Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency
Notes
Topic
Container Image Rebuild for Ansible Tower 3.4 Dependency
Details
The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:
RHSA-2019:2030
RHSA-2019:2118
RHSA-2019:2136
RHSA-2019:2197
RHSA-2019:2237
RHSA-2019:2304
RHSA-2019:4190
RHSA-2020:0227
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Container Image Rebuild for Ansible Tower 3.4 Dependency",
"title": "Topic"
},
{
"category": "general",
"text": "The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:\n\nRHSA-2019:2030\nRHSA-2019:2118\nRHSA-2019:2136\nRHSA-2019:2197\nRHSA-2019:2237\nRHSA-2019:2304\nRHSA-2019:4190\nRHSA-2020:0227",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:0547",
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2030",
"url": "https://access.redhat.com/errata/RHSA-2019:2030"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2118",
"url": "https://access.redhat.com/errata/RHSA-2019:2118"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2136",
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2197",
"url": "https://access.redhat.com/errata/RHSA-2019:2197"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2237",
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2304",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:4190",
"url": "https://access.redhat.com/errata/RHSA-2019:4190"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2020:0227",
"url": "https://access.redhat.com/errata/RHSA-2020:0227"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_0547.json"
}
],
"title": "Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency",
"tracking": {
"current_release_date": "2025-11-25T18:21:27+00:00",
"generator": {
"date": "2025-11-25T18:21:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHBA-2020:0547",
"initial_release_date": "2020-02-18T15:13:57+00:00",
"revision_history": [
{
"date": "2020-02-18T15:13:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-18T15:13:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-25T18:21:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product": {
"name": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_id": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-37/ansible-tower-memcached-rhel7\u0026tag=1.4.15-28"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product": {
"name": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_id": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-35/ansible-tower-memcached\u0026tag=1.4.15-28"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product": {
"name": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_id": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-34/ansible-tower-memcached\u0026tag=1.4.15-28"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
},
"product_reference": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
},
"product_reference": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
},
"product_reference": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10739",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1347549"
}
],
"notes": [
{
"category": "description",
"text": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: getaddrinfo should reject IP addresses with trailing characters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10739"
},
{
"category": "external",
"summary": "RHBZ#1347549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347549"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10739"
}
],
"release_date": "2016-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: getaddrinfo should reject IP addresses with trailing characters"
},
{
"cve": "CVE-2018-0495",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-06-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591163"
}
],
"notes": [
{
"category": "description",
"text": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0495"
},
{
"category": "external",
"summary": "RHBZ#1591163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591163"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0495"
},
{
"category": "external",
"summary": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
}
],
"release_date": "2018-06-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries"
},
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1122",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575466"
}
],
"notes": [
{
"category": "description",
"text": "If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Local privilege escalation in top",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "RHBZ#1575466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1122"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "procps: Local privilege escalation in top"
},
{
"cve": "CVE-2018-5818",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-12-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1661608"
}
],
"notes": [
{
"category": "description",
"text": "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5818"
},
{
"category": "external",
"summary": "RHBZ#1661608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661608"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5818",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818"
}
],
"release_date": "2018-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp"
},
{
"cve": "CVE-2018-5819",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-12-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1661604"
}
],
"notes": [
{
"category": "description",
"text": "An error within the \"parse_sinar_ia()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5819"
},
{
"category": "external",
"summary": "RHBZ#1661604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5819",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5819"
}
],
"release_date": "2018-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp"
},
{
"cve": "CVE-2018-12404",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1657913"
}
],
"notes": [
{
"category": "description",
"text": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: Cache side-channel variant of the Bleichenbacher attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12404"
},
{
"category": "external",
"summary": "RHBZ#1657913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12404"
}
],
"release_date": "2018-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nss: Cache side-channel variant of the Bleichenbacher attack"
},
{
"cve": "CVE-2018-12641",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1594410"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "binutils: Stack Exhaustion in the demangling functions provided by libiberty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The stack overflow in demangle_class_name() only triggers during the parsing of malformed ELF files, which would require an attacker to convince a user to process a malicious file with binutils. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12641"
},
{
"category": "external",
"summary": "RHBZ#1594410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594410"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12641",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12641"
}
],
"release_date": "2018-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty"
},
{
"cve": "CVE-2018-12697",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595417"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this NULL pointer dereference is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with objdump. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12697"
},
{
"category": "external",
"summary": "RHBZ#1595417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595417"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12697"
}
],
"release_date": "2018-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c."
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"Zhaoyang Wu"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-14618",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-08-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1622707"
}
],
"notes": [
{
"category": "description",
"text": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: NTLM password overflow via integer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14618"
},
{
"category": "external",
"summary": "RHBZ#1622707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2018-14618.html",
"url": "https://curl.haxx.se/docs/CVE-2018-14618.html"
}
],
"release_date": "2018-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: NTLM password overflow via integer overflow"
},
{
"acknowledgments": [
{
"names": [
"the Python Security Response Team"
]
}
],
"cve": "CVE-2018-14647",
"cwe": {
"id": "CWE-335",
"name": "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2018-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1631822"
}
],
"notes": [
{
"category": "description",
"text": "Python\u0027s elementtree C accelerator failed to initialise Expat\u0027s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat\u0027s internal data structures, consuming large amounts CPU and RAM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Missing salt initialization in _elementtree.c module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14647"
},
{
"category": "external",
"summary": "RHBZ#1631822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647"
},
{
"category": "external",
"summary": "https://bugs.python.org/issue34623",
"url": "https://bugs.python.org/issue34623"
}
],
"release_date": "2018-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Missing salt initialization in _elementtree.c module"
},
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Ubuntu"
]
}
],
"cve": "CVE-2018-15686",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1639071"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: line splitting via fgets() allows for state injection during daemon-reexec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15686"
},
{
"category": "external",
"summary": "RHBZ#1639071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15686"
}
],
"release_date": "2018-10-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec"
},
{
"cve": "CVE-2018-16062",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1623752"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16062"
},
{
"category": "external",
"summary": "RHBZ#1623752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16062"
}
],
"release_date": "2018-08-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file"
},
{
"cve": "CVE-2018-16402",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625050"
}
],
"notes": [
{
"category": "description",
"text": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16402"
},
{
"category": "external",
"summary": "RHBZ#1625050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625050"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16402",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16402"
}
],
"release_date": "2018-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash"
},
{
"cve": "CVE-2018-16403",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625055"
}
],
"notes": [
{
"category": "description",
"text": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16403"
},
{
"category": "external",
"summary": "RHBZ#1625055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625055"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16403"
}
],
"release_date": "2018-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"Brian Carpenter"
],
"organization": "Geeknik Labs",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-16842",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644124"
}
],
"notes": [
{
"category": "description",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Heap-based buffer over-read in the curl tool warning formatting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "RHBZ#1644124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2018-16842.html",
"url": "https://curl.haxx.se/docs/CVE-2018-16842.html"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: Heap-based buffer over-read in the curl tool warning formatting"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-16866",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1653867"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: out-of-bounds read when parsing a crafted syslog message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16866"
},
{
"category": "external",
"summary": "RHBZ#1653867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16866"
},
{
"category": "external",
"summary": "https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
}
],
"release_date": "2019-01-09T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: out-of-bounds read when parsing a crafted syslog message"
},
{
"cve": "CVE-2018-16888",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1662867"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: kills privileged process if unprivileged PIDFile was tampered",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16888"
},
{
"category": "external",
"summary": "RHBZ#1662867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16888",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16888"
}
],
"release_date": "2017-08-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "systemd: kills privileged process if unprivileged PIDFile was tampered"
},
{
"cve": "CVE-2018-18310",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642604"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18310"
},
{
"category": "external",
"summary": "RHBZ#1642604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18310",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18310"
}
],
"release_date": "2018-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl"
},
{
"cve": "CVE-2018-18520",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646477"
}
],
"notes": [
{
"category": "description",
"text": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: eu-size cannot handle recursive ar files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18520"
},
{
"category": "external",
"summary": "RHBZ#1646477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646477"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18520"
}
],
"release_date": "2018-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: eu-size cannot handle recursive ar files"
},
{
"cve": "CVE-2018-18521",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646482"
}
],
"notes": [
{
"category": "description",
"text": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18521"
},
{
"category": "external",
"summary": "RHBZ#1646482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646482"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18521",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18521"
}
],
"release_date": "2018-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c"
},
{
"cve": "CVE-2018-20217",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2018-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1665296"
}
],
"notes": [
{
"category": "description",
"text": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: Reachable assertion in the KDC using S4U2Self requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20217"
},
{
"category": "external",
"summary": "RHBZ#1665296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20217",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20217"
}
],
"release_date": "2018-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: Reachable assertion in the KDC using S4U2Self requests"
},
{
"cve": "CVE-2018-1000876",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1664699"
}
],
"notes": [
{
"category": "description",
"text": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "binutils: integer overflow leads to heap-based buffer overflow in objdump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue is classified as moderate severity primarily because of the unlikelihood of running a 32bit compiled objdump and/or having a compiled binary that uses 32bit compiled binutils libraries to analyze binaries from a not trusted source. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. \n\nAs per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing.\n\nSee the binutils security policy for more details:\nhttps://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-190: Integer Overflow leading to a CWE-122: Heap-based Buffer Overflow vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and enforced through least privilege, ensuring only authorized users can execute or modify code. Red Hat also applies least functionality, enabling only essential features, services, and ports to reduce the attack surface for heap-based buffer overflow exploits. The environment uses IPS/IDS and antimalware solutions to detect and respond to threats in real time, helping prevent or limit exploitation attempts. Static code analysis and peer reviews ensure all user inputs are thoroughly validated, reducing the risk of system instability, data exposure, or privilege escalation. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against buffer overflows and denial-of-service attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000876"
},
{
"category": "external",
"summary": "RHBZ#1664699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1664699"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876"
}
],
"release_date": "2018-12-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "binutils: integer overflow leads to heap-based buffer overflow in objdump"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"acknowledgments": [
{
"names": [
"the libssh2 project"
]
},
{
"names": [
"Chris Coulson"
],
"organization": "Canonical Ltd.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3858",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1687306"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3858"
},
{
"category": "external",
"summary": "RHBZ#1687306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3858"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3858",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3858"
},
{
"category": "external",
"summary": "https://www.libssh2.org/CVE-2019-3858.html",
"url": "https://www.libssh2.org/CVE-2019-3858.html"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read"
},
{
"acknowledgments": [
{
"names": [
"the libssh2 project"
]
},
{
"names": [
"Chris Coulson"
],
"organization": "Canonical Ltd.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3861",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1687311"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: Out-of-bounds reads with specially crafted SSH packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3861"
},
{
"category": "external",
"summary": "RHBZ#1687311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3861",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3861"
},
{
"category": "external",
"summary": "https://www.libssh2.org/CVE-2019-3861.html",
"url": "https://www.libssh2.org/CVE-2019-3861.html"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: Out-of-bounds reads with specially crafted SSH packets"
},
{
"acknowledgments": [
{
"names": [
"the libssh2 project"
]
},
{
"names": [
"Chris Coulson"
],
"organization": "Canonical Ltd.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3862",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1687312"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3862"
},
{
"category": "external",
"summary": "RHBZ#1687312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3862",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3862"
},
{
"category": "external",
"summary": "https://www.libssh2.org/CVE-2019-3862.html",
"url": "https://www.libssh2.org/CVE-2019-3862.html"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request"
},
{
"cve": "CVE-2019-5010",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666519"
}
],
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: NULL pointer dereference using a specially crafted X509 certificate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "RHBZ#1666519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5010"
},
{
"category": "external",
"summary": "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html",
"url": "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html"
}
],
"release_date": "2019-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: NULL pointer dereference using a specially crafted X509 certificate"
},
{
"cve": "CVE-2019-7149",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671443"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7149"
},
{
"category": "external",
"summary": "RHBZ#1671443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7149"
}
],
"release_date": "2019-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw"
},
{
"cve": "CVE-2019-7150",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671446"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7150"
},
{
"category": "external",
"summary": "RHBZ#1671446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7150"
}
],
"release_date": "2018-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c"
},
{
"cve": "CVE-2019-7664",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2019-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677536"
}
],
"notes": [
{
"category": "description",
"text": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7664"
},
{
"category": "external",
"summary": "RHBZ#1677536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7664"
}
],
"release_date": "2019-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h"
},
{
"cve": "CVE-2019-7665",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677538"
}
],
"notes": [
{
"category": "description",
"text": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7665"
},
{
"category": "external",
"summary": "RHBZ#1677538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7665"
}
],
"release_date": "2019-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c"
},
{
"cve": "CVE-2019-9740",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-03-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1688169"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: CRLF injection via the query part of the url passed to urlopen()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9740"
},
{
"category": "external",
"summary": "RHBZ#1688169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9740"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: CRLF injection via the query part of the url passed to urlopen()"
},
{
"cve": "CVE-2019-9947",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695572"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: CRLF injection via the path part of the url passed to urlopen()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "RHBZ#1695572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9947"
}
],
"release_date": "2019-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: CRLF injection via the path part of the url passed to urlopen()"
},
{
"cve": "CVE-2019-9948",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695570"
}
],
"notes": [
{
"category": "description",
"text": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\u0027local_file:///etc/passwd\u0027) call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9948"
},
{
"category": "external",
"summary": "RHBZ#1695570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9948"
}
],
"release_date": "2019-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Jonas Allmann"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-11729",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2019-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728437"
}
],
"notes": [
{
"category": "description",
"text": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Firefox on Red Hat Enterprise Linux is built against the system nss library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11729"
},
{
"category": "external",
"summary": "RHBZ#1728437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11729"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729"
}
],
"release_date": "2019-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Project"
]
}
],
"cve": "CVE-2019-11745",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1774831"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11745"
},
{
"category": "external",
"summary": "RHBZ#1774831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11745"
},
{
"category": "external",
"summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes"
},
{
"category": "external",
"summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes"
}
],
"release_date": "2019-11-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate"
},
{
"cve": "CVE-2019-13734",
"discovery_date": "2019-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1781980"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: fts3: improve shadow table corruption detection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13734"
},
{
"category": "external",
"summary": "RHBZ#1781980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: fts3: improve shadow table corruption detection"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1734",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2019-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1801804"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: shell enabled by default in a pipe lookup plugin subprocess",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "RHBZ#1801804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "This issue can be avoided by escaping variables which are used in the lookup.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: shell enabled by default in a pipe lookup plugin subprocess"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1735",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: path injection on dest parameter in fetch module",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "RHBZ#1802085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: path injection on dest parameter in fetch module"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1736",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802124"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: atomic_move primitive sets permissive permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "RHBZ#1802124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: atomic_move primitive sets permissive permissions"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1737",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Extract-Zip function in win_unzip module does not check extracted path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "RHBZ#1802154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Extract-Zip function in win_unzip module does not check extracted path"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1738",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: module package can be selected by the ansible facts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "RHBZ#1802164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Specify the parameter \u0027use\u0027 when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: module package can be selected by the ansible facts"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1739",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802178"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: svn module leaks password when specified as a parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "RHBZ#1802178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1739",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Instead of using the parameter \u0027password\u0027 of the subversion module, provide the password with stdin.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: svn module leaks password when specified as a parameter"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1740",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: secrets readable after ansible-vault edit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "RHBZ#1802193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the \u0027edit\u0027 option from \u0027ansible-vault\u0027 command line tool.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: secrets readable after ansible-vault edit"
},
{
"acknowledgments": [
{
"names": [
"Felix Fountein"
]
}
],
"cve": "CVE-2020-1746",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805491"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "RHBZ#1805491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805491"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746"
}
],
"release_date": "2020-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules"
},
{
"acknowledgments": [
{
"names": [
"Abhijeet Kasurde"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1753",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2020-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1811008"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: kubectl connection plugin leaks sensitive information",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "RHBZ#1811008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1753"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753"
}
],
"release_date": "2020-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: kubectl connection plugin leaks sensitive information"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10684",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: code injection when using ansible_facts as a subkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "RHBZ#1815519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684"
}
],
"release_date": "2020-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Ansible: code injection when using ansible_facts as a subkey"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10685",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1814627"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: modules which use files encrypted with vault are not properly cleaned up",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "RHBZ#1814627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: modules which use files encrypted with vault are not properly cleaned up"
}
]
}
RHSA-2019:2439
Vulnerability from csaf_redhat - Published: 2019-08-12 11:53 - Updated: 2025-11-21 18:09Summary
Red Hat Security Advisory: rhvm-appliance security, bug fix, and enhancement update
Notes
Topic
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.
The following packages have been upgraded to a later upstream version: rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255)
Security Fix(es):
* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nThe following packages have been upgraded to a later upstream version: rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255)\n\nSecurity Fix(es):\n\n* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2439",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "1720255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720255"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2439.json"
}
],
"title": "Red Hat Security Advisory: rhvm-appliance security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:09:45+00:00",
"generator": {
"date": "2025-11-21T18:09:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:2439",
"initial_release_date": "2019-08-12T11:53:57+00:00",
"revision_history": [
{
"date": "2019-08-12T11:53:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-12T11:53:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"product": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"product_id": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190722.0.el7?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"product": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"product_id": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190722.0.el7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Joel Miller"
],
"organization": "Pennsylvania Higher Education Assistance Agency"
}
],
"cve": "CVE-2018-16881",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1658366"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16881"
},
{
"category": "external",
"summary": "RHBZ#1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:53:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"category": "workaround",
"details": "This vulnerability requires the \"imptcp\" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:53:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"acknowledgments": [
{
"names": [
"Carter Kozak"
]
}
],
"cve": "CVE-2019-3888",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693777"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3888"
},
{
"category": "external",
"summary": "RHBZ#1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888"
}
],
"release_date": "2019-06-10T15:13:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:53:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed"
}
]
}
RHSA-2019_2439
Vulnerability from csaf_redhat - Published: 2019-08-12 11:53 - Updated: 2024-11-15 05:16Summary
Red Hat Security Advisory: rhvm-appliance security, bug fix, and enhancement update
Notes
Topic
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.
The following packages have been upgraded to a later upstream version: rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255)
Security Fix(es):
* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nThe following packages have been upgraded to a later upstream version: rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255)\n\nSecurity Fix(es):\n\n* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2439",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "1720255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720255"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2439.json"
}
],
"title": "Red Hat Security Advisory: rhvm-appliance security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-15T05:16:06+00:00",
"generator": {
"date": "2024-11-15T05:16:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:2439",
"initial_release_date": "2019-08-12T11:53:57+00:00",
"revision_history": [
{
"date": "2019-08-12T11:53:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-12T11:53:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T05:16:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"product": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"product_id": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190722.0.el7?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"product": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"product_id": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190722.0.el7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
},
"product_reference": "rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Joel Miller"
],
"organization": "Pennsylvania Higher Education Assistance Agency"
}
],
"cve": "CVE-2018-16881",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1658366"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16881"
},
{
"category": "external",
"summary": "RHBZ#1658366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16881"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:53:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"category": "workaround",
"details": "This vulnerability requires the \"imptcp\" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:53:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"acknowledgments": [
{
"names": [
"Carter Kozak"
]
}
],
"cve": "CVE-2019-3888",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693777"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3888"
},
{
"category": "external",
"summary": "RHBZ#1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888"
}
],
"release_date": "2019-06-10T15:13:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-12T11:53:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190722.0.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed"
}
]
}
RHSA-2019:3929
Vulnerability from csaf_redhat - Published: 2019-11-20 16:08 - Updated: 2025-11-21 18:11Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Notes
Topic
Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.
Security Fix(es):
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)
* tomcat: XSS in SSI printenv (CVE-2019-0221)
* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3929",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3929.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
"tracking": {
"current_release_date": "2025-11-21T18:11:20+00:00",
"generator": {
"date": "2025-11-21T18:11:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:3929",
"initial_release_date": "2019-11-20T16:08:26+00:00",
"revision_history": [
{
"date": "2019-11-20T16:08:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-02T16:26:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:11:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el8jws?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2019-0199",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat HTTP/2 DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0199"
},
{
"category": "external",
"summary": "RHBZ#1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
}
],
"release_date": "2019-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat HTTP/2 DoS"
},
{
"cve": "CVE-2019-0221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713275"
}
],
"notes": [
{
"category": "description",
"text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: XSS in SSI printenv",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0221"
},
{
"category": "external",
"summary": "RHBZ#1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
}
],
"release_date": "2019-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: XSS in SSI printenv"
},
{
"cve": "CVE-2019-0232",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Apache Tomcat, where a Java Runtime Environment can pass a command-line argument in the Windows operating system. The execution of arbitrary commands via Tomcat\u2019s Common Gateway Interface (CGI) Servlet, allows an attacker to perform remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is specific to the Windows platform\u0027s treatment of file names and how they must be quoted. Tomcat running on Linux hosts is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0232"
},
{
"category": "external",
"summary": "RHBZ#1701056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232"
}
],
"release_date": "2019-04-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution on Windows"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10072",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723708"
}
],
"notes": [
{
"category": "description",
"text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10072"
},
{
"category": "external",
"summary": "RHBZ#1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
}
]
}
RHSA-2019_2471
Vulnerability from csaf_redhat - Published: 2019-08-13 15:13 - Updated: 2024-11-15 04:09Summary
Red Hat Security Advisory: openssl security update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: 0-byte record padding oracle (CVE-2019-1559)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2471",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2471.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2024-11-15T04:09:03+00:00",
"generator": {
"date": "2024-11-15T04:09:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:2471",
"initial_release_date": "2019-08-13T15:13:25+00:00",
"revision_history": [
{
"date": "2019-08-13T15:13:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-13T15:13:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:09:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.i686",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.src",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.src",
"product_id": "openssl-0:1.0.1e-58.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.ppc",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc",
"product_id": "openssl-0:1.0.1e-58.el6_10.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-0:1.0.1e-58.el6_10.s390",
"product": {
"name": "openssl-0:1.0.1e-58.el6_10.s390",
"product_id": "openssl-0:1.0.1e-58.el6_10.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.1e-58.el6_10?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"product": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"product_id": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.1e-58.el6_10?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"product": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"product_id": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.1e-58.el6_10?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Client-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.src",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.i686",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.s390x",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-0:1.0.1e-58.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
},
"product_reference": "openssl-static-0:1.0.1e-58.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-optional-6.10.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-13T15:13:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Client-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Client-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6ComputeNode-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6ComputeNode-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Server-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Server-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.src",
"6Workstation-optional-6.10.z:openssl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-debuginfo-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-devel-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-perl-0:1.0.1e-58.el6_10.x86_64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.i686",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.ppc64",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.s390x",
"6Workstation-optional-6.10.z:openssl-static-0:1.0.1e-58.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
}
]
}
RHBA-2020_0547
Vulnerability from csaf_redhat - Published: 2020-02-18 15:13 - Updated: 2024-11-22 14:26Summary
Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency
Notes
Topic
Container Image Rebuild for Ansible Tower 3.4 Dependency
Details
The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:
RHSA-2019:2030
RHSA-2019:2118
RHSA-2019:2136
RHSA-2019:2197
RHSA-2019:2237
RHSA-2019:2304
RHSA-2019:4190
RHSA-2020:0227
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Container Image Rebuild for Ansible Tower 3.4 Dependency",
"title": "Topic"
},
{
"category": "general",
"text": "The ansible-tower-memcached container image has been updated for Red Hat Ansible Tower 3.4 for RHEL 7 to address security advisories:\n\nRHSA-2019:2030\nRHSA-2019:2118\nRHSA-2019:2136\nRHSA-2019:2197\nRHSA-2019:2237\nRHSA-2019:2304\nRHSA-2019:4190\nRHSA-2020:0227",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:0547",
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2030",
"url": "https://access.redhat.com/errata/RHSA-2019:2030"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2118",
"url": "https://access.redhat.com/errata/RHSA-2019:2118"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2136",
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2197",
"url": "https://access.redhat.com/errata/RHSA-2019:2197"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2237",
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:2304",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2019:4190",
"url": "https://access.redhat.com/errata/RHSA-2019:4190"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2020:0227",
"url": "https://access.redhat.com/errata/RHSA-2020:0227"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_0547.json"
}
],
"title": "Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency",
"tracking": {
"current_release_date": "2024-11-22T14:26:18+00:00",
"generator": {
"date": "2024-11-22T14:26:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2020:0547",
"initial_release_date": "2020-02-18T15:13:57+00:00",
"revision_history": [
{
"date": "2020-02-18T15:13:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-18T15:13:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:26:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product": {
"name": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_id": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-37/ansible-tower-memcached-rhel7\u0026tag=1.4.15-28"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product": {
"name": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_id": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-35/ansible-tower-memcached\u0026tag=1.4.15-28"
}
}
},
{
"category": "product_version",
"name": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product": {
"name": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_id": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-34/ansible-tower-memcached\u0026tag=1.4.15-28"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
},
"product_reference": "ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
},
"product_reference": "ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64 as a component of Red Hat Ansible Tower 3.4 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
},
"product_reference": "ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10739",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1347549"
}
],
"notes": [
{
"category": "description",
"text": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: getaddrinfo should reject IP addresses with trailing characters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10739"
},
{
"category": "external",
"summary": "RHBZ#1347549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347549"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10739"
}
],
"release_date": "2016-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: getaddrinfo should reject IP addresses with trailing characters"
},
{
"cve": "CVE-2018-0495",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-06-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591163"
}
],
"notes": [
{
"category": "description",
"text": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0495"
},
{
"category": "external",
"summary": "RHBZ#1591163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591163"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0495"
},
{
"category": "external",
"summary": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
}
],
"release_date": "2018-06-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries"
},
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1122",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575466"
}
],
"notes": [
{
"category": "description",
"text": "If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Local privilege escalation in top",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "RHBZ#1575466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1122"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "procps: Local privilege escalation in top"
},
{
"cve": "CVE-2018-5818",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-12-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1661608"
}
],
"notes": [
{
"category": "description",
"text": "An error within the \"parse_rollei()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5818"
},
{
"category": "external",
"summary": "RHBZ#1661608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661608"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5818",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5818"
}
],
"release_date": "2018-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp"
},
{
"cve": "CVE-2018-5819",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-12-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1661604"
}
],
"notes": [
{
"category": "description",
"text": "An error within the \"parse_sinar_ia()\" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5819"
},
{
"category": "external",
"summary": "RHBZ#1661604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5819",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5819"
}
],
"release_date": "2018-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp"
},
{
"cve": "CVE-2018-12404",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1657913"
}
],
"notes": [
{
"category": "description",
"text": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: Cache side-channel variant of the Bleichenbacher attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12404"
},
{
"category": "external",
"summary": "RHBZ#1657913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12404"
}
],
"release_date": "2018-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nss: Cache side-channel variant of the Bleichenbacher attack"
},
{
"cve": "CVE-2018-12641",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1594410"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "binutils: Stack Exhaustion in the demangling functions provided by libiberty",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12641"
},
{
"category": "external",
"summary": "RHBZ#1594410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594410"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12641",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12641"
}
],
"release_date": "2018-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty"
},
{
"cve": "CVE-2018-12697",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595417"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12697"
},
{
"category": "external",
"summary": "RHBZ#1595417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595417"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12697"
}
],
"release_date": "2018-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c."
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"Zhaoyang Wu"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-14618",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-08-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1622707"
}
],
"notes": [
{
"category": "description",
"text": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: NTLM password overflow via integer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14618"
},
{
"category": "external",
"summary": "RHBZ#1622707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2018-14618.html",
"url": "https://curl.haxx.se/docs/CVE-2018-14618.html"
}
],
"release_date": "2018-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: NTLM password overflow via integer overflow"
},
{
"acknowledgments": [
{
"names": [
"the Python Security Response Team"
]
}
],
"cve": "CVE-2018-14647",
"cwe": {
"id": "CWE-335",
"name": "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2018-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1631822"
}
],
"notes": [
{
"category": "description",
"text": "Python\u0027s elementtree C accelerator failed to initialise Expat\u0027s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat\u0027s internal data structures, consuming large amounts CPU and RAM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Missing salt initialization in _elementtree.c module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14647"
},
{
"category": "external",
"summary": "RHBZ#1631822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647"
},
{
"category": "external",
"summary": "https://bugs.python.org/issue34623",
"url": "https://bugs.python.org/issue34623"
}
],
"release_date": "2018-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Missing salt initialization in _elementtree.c module"
},
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Ubuntu"
]
}
],
"cve": "CVE-2018-15686",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1639071"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: line splitting via fgets() allows for state injection during daemon-reexec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15686"
},
{
"category": "external",
"summary": "RHBZ#1639071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15686"
}
],
"release_date": "2018-10-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec"
},
{
"cve": "CVE-2018-16062",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1623752"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16062"
},
{
"category": "external",
"summary": "RHBZ#1623752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16062"
}
],
"release_date": "2018-08-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file"
},
{
"cve": "CVE-2018-16402",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625050"
}
],
"notes": [
{
"category": "description",
"text": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16402"
},
{
"category": "external",
"summary": "RHBZ#1625050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625050"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16402",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16402"
}
],
"release_date": "2018-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash"
},
{
"cve": "CVE-2018-16403",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1625055"
}
],
"notes": [
{
"category": "description",
"text": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16403"
},
{
"category": "external",
"summary": "RHBZ#1625055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625055"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16403"
}
],
"release_date": "2018-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"Brian Carpenter"
],
"organization": "Geeknik Labs",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-16842",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644124"
}
],
"notes": [
{
"category": "description",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Heap-based buffer over-read in the curl tool warning formatting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "RHBZ#1644124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/CVE-2018-16842.html",
"url": "https://curl.haxx.se/docs/CVE-2018-16842.html"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: Heap-based buffer over-read in the curl tool warning formatting"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-16866",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1653867"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: out-of-bounds read when parsing a crafted syslog message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16866"
},
{
"category": "external",
"summary": "RHBZ#1653867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16866"
},
{
"category": "external",
"summary": "https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
}
],
"release_date": "2019-01-09T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: out-of-bounds read when parsing a crafted syslog message"
},
{
"cve": "CVE-2018-16888",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"discovery_date": "2019-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1662867"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: kills privileged process if unprivileged PIDFile was tampered",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16888"
},
{
"category": "external",
"summary": "RHBZ#1662867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16888",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16888"
}
],
"release_date": "2017-08-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "systemd: kills privileged process if unprivileged PIDFile was tampered"
},
{
"cve": "CVE-2018-18310",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642604"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18310"
},
{
"category": "external",
"summary": "RHBZ#1642604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18310",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18310"
}
],
"release_date": "2018-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl"
},
{
"cve": "CVE-2018-18520",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646477"
}
],
"notes": [
{
"category": "description",
"text": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: eu-size cannot handle recursive ar files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18520"
},
{
"category": "external",
"summary": "RHBZ#1646477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646477"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18520"
}
],
"release_date": "2018-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: eu-size cannot handle recursive ar files"
},
{
"cve": "CVE-2018-18521",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646482"
}
],
"notes": [
{
"category": "description",
"text": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18521"
},
{
"category": "external",
"summary": "RHBZ#1646482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646482"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18521",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18521"
}
],
"release_date": "2018-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c"
},
{
"cve": "CVE-2018-20217",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2018-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1665296"
}
],
"notes": [
{
"category": "description",
"text": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: Reachable assertion in the KDC using S4U2Self requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20217"
},
{
"category": "external",
"summary": "RHBZ#1665296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20217",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20217"
}
],
"release_date": "2018-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: Reachable assertion in the KDC using S4U2Self requests"
},
{
"cve": "CVE-2018-1000876",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1664699"
}
],
"notes": [
{
"category": "description",
"text": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "binutils: integer overflow leads to heap-based buffer overflow in objdump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue is classified as moderate severity primarily because of the unlikelihood of running a 32bit compiled objdump and/or having a compiled binary that uses 32bit compiled binutils libraries to analyze binaries from a not trusted source. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. \n\nAs per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing.\n\nSee the binutils security policy for more details:\nhttps://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000876"
},
{
"category": "external",
"summary": "RHBZ#1664699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1664699"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876"
}
],
"release_date": "2018-12-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "binutils: integer overflow leads to heap-based buffer overflow in objdump"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"acknowledgments": [
{
"names": [
"the libssh2 project"
]
},
{
"names": [
"Chris Coulson"
],
"organization": "Canonical Ltd.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3858",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1687306"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3858"
},
{
"category": "external",
"summary": "RHBZ#1687306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3858"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3858",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3858"
},
{
"category": "external",
"summary": "https://www.libssh2.org/CVE-2019-3858.html",
"url": "https://www.libssh2.org/CVE-2019-3858.html"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read"
},
{
"acknowledgments": [
{
"names": [
"the libssh2 project"
]
},
{
"names": [
"Chris Coulson"
],
"organization": "Canonical Ltd.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3861",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1687311"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: Out-of-bounds reads with specially crafted SSH packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3861"
},
{
"category": "external",
"summary": "RHBZ#1687311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3861",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3861"
},
{
"category": "external",
"summary": "https://www.libssh2.org/CVE-2019-3861.html",
"url": "https://www.libssh2.org/CVE-2019-3861.html"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: Out-of-bounds reads with specially crafted SSH packets"
},
{
"acknowledgments": [
{
"names": [
"the libssh2 project"
]
},
{
"names": [
"Chris Coulson"
],
"organization": "Canonical Ltd.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-3862",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1687312"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\n\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3862"
},
{
"category": "external",
"summary": "RHBZ#1687312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1687312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3862",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3862"
},
{
"category": "external",
"summary": "https://www.libssh2.org/CVE-2019-3862.html",
"url": "https://www.libssh2.org/CVE-2019-3862.html"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request"
},
{
"cve": "CVE-2019-5010",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666519"
}
],
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: NULL pointer dereference using a specially crafted X509 certificate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "RHBZ#1666519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5010"
},
{
"category": "external",
"summary": "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html",
"url": "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html"
}
],
"release_date": "2019-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: NULL pointer dereference using a specially crafted X509 certificate"
},
{
"cve": "CVE-2019-7149",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671443"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7149"
},
{
"category": "external",
"summary": "RHBZ#1671443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7149"
}
],
"release_date": "2019-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw"
},
{
"cve": "CVE-2019-7150",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1671446"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7150"
},
{
"category": "external",
"summary": "RHBZ#1671446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7150"
}
],
"release_date": "2018-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c"
},
{
"cve": "CVE-2019-7664",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2019-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677536"
}
],
"notes": [
{
"category": "description",
"text": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7664"
},
{
"category": "external",
"summary": "RHBZ#1677536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7664"
}
],
"release_date": "2019-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h"
},
{
"cve": "CVE-2019-7665",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1677538"
}
],
"notes": [
{
"category": "description",
"text": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7665"
},
{
"category": "external",
"summary": "RHBZ#1677538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7665"
}
],
"release_date": "2019-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c"
},
{
"cve": "CVE-2019-9740",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-03-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1688169"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: CRLF injection via the query part of the url passed to urlopen()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9740"
},
{
"category": "external",
"summary": "RHBZ#1688169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9740"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: CRLF injection via the query part of the url passed to urlopen()"
},
{
"cve": "CVE-2019-9947",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695572"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: CRLF injection via the path part of the url passed to urlopen()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "RHBZ#1695572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9947"
}
],
"release_date": "2019-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: CRLF injection via the path part of the url passed to urlopen()"
},
{
"cve": "CVE-2019-9948",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695570"
}
],
"notes": [
{
"category": "description",
"text": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\u0027local_file:///etc/passwd\u0027) call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9948"
},
{
"category": "external",
"summary": "RHBZ#1695570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9948"
}
],
"release_date": "2019-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Jonas Allmann"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-11729",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2019-07-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728437"
}
],
"notes": [
{
"category": "description",
"text": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Firefox on Red Hat Enterprise Linux is built against the system nss library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11729"
},
{
"category": "external",
"summary": "RHBZ#1728437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11729"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729"
}
],
"release_date": "2019-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Project"
]
}
],
"cve": "CVE-2019-11745",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1774831"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11745"
},
{
"category": "external",
"summary": "RHBZ#1774831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11745"
},
{
"category": "external",
"summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes"
},
{
"category": "external",
"summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes"
}
],
"release_date": "2019-11-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate"
},
{
"cve": "CVE-2019-13734",
"discovery_date": "2019-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1781980"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: fts3: improve shadow table corruption detection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13734"
},
{
"category": "external",
"summary": "RHBZ#1781980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: fts3: improve shadow table corruption detection"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1734",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2019-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1801804"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: shell enabled by default in a pipe lookup plugin subprocess",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "RHBZ#1801804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "This issue can be avoided by escaping variables which are used in the lookup.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: shell enabled by default in a pipe lookup plugin subprocess"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1735",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: path injection on dest parameter in fetch module",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1735"
},
{
"category": "external",
"summary": "RHBZ#1802085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1735"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: path injection on dest parameter in fetch module"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1736",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802124"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This issue affects only the newly created files and not existing ones. If the file already exists at the final destination, those permissions are retained. This could lead to the disclosure of sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: atomic_move primitive sets permissive permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.8.14 and 2.9.12 as well as previous versions and all 2.7.x versions are affected.\n\nAnsible Tower 3.6.5 and 3.7.2 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1736"
},
{
"category": "external",
"summary": "RHBZ#1802124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "This issue can be mitigated by specifying the \"mode\" on the task. That just leaves a race condition in place where newly created files that specify a mode in the task briefly go from 666 - umask to the final mode. An alternative workaround if many new files are created and to avoid setting a specific mode for each file would be to set the \"mode\" to \"preserve\" value. That will maintain the permissions of the source file on the controller in the final file on the managed host.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: atomic_move primitive sets permissive permissions"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1737",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Extract-Zip function in win_unzip module does not check extracted path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1737"
},
{
"category": "external",
"summary": "RHBZ#1802154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1737"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the affected win_unzip module when possible.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Extract-Zip function in win_unzip module does not check extracted path"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1738",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when the module package or service is used and the parameter \u0027use\u0027 is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: module package can be selected by the ansible facts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1738"
},
{
"category": "external",
"summary": "RHBZ#1802164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1738"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Specify the parameter \u0027use\u0027 when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: module package can be selected by the ansible facts"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1739",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802178"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: svn module leaks password when specified as a parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1739"
},
{
"category": "external",
"summary": "RHBZ#1802178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1739",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1739"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Instead of using the parameter \u0027password\u0027 of the subversion module, provide the password with stdin.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: svn module leaks password when specified as a parameter"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-1740",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1802193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: secrets readable after ansible-vault edit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1740"
},
{
"category": "external",
"summary": "RHBZ#1802193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1740"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except avoid using the \u0027edit\u0027 option from \u0027ansible-vault\u0027 command line tool.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: secrets readable after ansible-vault edit"
},
{
"acknowledgments": [
{
"names": [
"Felix Fountein"
]
}
],
"cve": "CVE-2020-1746",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805491"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be provided from core Ansible. But we still ship ansible separately for ceph ubuntu.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1746"
},
{
"category": "external",
"summary": "RHBZ#1805491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805491"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1746"
}
],
"release_date": "2020-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Using args keyword and embedding the ldap_auth variable instead of using bind_pw parameter would mitigate this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ansible: Information disclosure issue in ldap_attr and ldap_entry modules"
},
{
"acknowledgments": [
{
"names": [
"Abhijeet Kasurde"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1753",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2020-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1811008"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw discloses passwords and tokens from the process list, and the no_log directive from the debug module would not be reflected in the underlying command-line tools options, displaying passwords and tokens on stdout and log files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: kubectl connection plugin leaks sensitive information",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Ansible Engine 2.7.17, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1753"
},
{
"category": "external",
"summary": "RHBZ#1811008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1753"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753"
}
],
"release_date": "2020-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: kubectl connection plugin leaks sensitive information"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10684",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ansible Engine. When using ansible_facts as a subkey of itself, and promoting it to a variable when injecting is enabled, overwriting the ansible_facts after the clean, an attacker could take advantage of this by altering the ansible_facts leading to privilege escalation or code injection. The highest threat from this vulnerability are to data integrity and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: code injection when using ansible_facts as a subkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n* Red Hat Gluster Storage and Red Hat Ceph Storage no longer maintains their own version of Ansible. The fix will be consumed from core Ansible. But we still ship ansible separately for ceph ubuntu.\n* Red Hat OpenStack Platform does package the affected code. However, because RHOSP does not use ansible_facts as a subkey directly, the RHOSP impact has been reduced to Moderate and no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10684"
},
{
"category": "external",
"summary": "RHBZ#1815519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10684"
}
],
"release_date": "2020-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is not a known mitigation except avoiding the functionality of using ansible_facts as a subkey.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Ansible: code injection when using ansible_facts as a subkey"
},
{
"acknowledgments": [
{
"names": [
"Damien Aumaitre",
"Nicolas Surbayrole"
],
"organization": "Quarkslab"
}
],
"cve": "CVE-2020-10685",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2020-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1814627"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted.\r\n\r\nOn Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted is sensible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Ansible: modules which use files encrypted with vault are not properly cleaned up",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\n* Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n\n* In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10685"
},
{
"category": "external",
"summary": "RHBZ#1814627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-18T15:13:57+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"category": "workaround",
"details": "Currently, there is no mitigation for this issue except by removing manually the temporary created file after every run.",
"product_ids": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-Ansible-Tower-3.4:ansible-tower-34/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-35/ansible-tower-memcached@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64",
"7Server-Ansible-Tower-3.4:ansible-tower-37/ansible-tower-memcached-rhel7@sha256:25003890d7f04dbc7741c78a9977f0b5071d2c6653a6fc5baff23abe7d71403c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Ansible: modules which use files encrypted with vault are not properly cleaned up"
}
]
}
RHSA-2019_2304
Vulnerability from csaf_redhat - Published: 2019-08-06 13:42 - Updated: 2024-11-22 12:46Summary
Red Hat Security Advisory: openssl security and bug fix update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2304",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1649568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649568"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2304.json"
}
],
"title": "Red Hat Security Advisory: openssl security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T12:46:49+00:00",
"generator": {
"date": "2024-11-22T12:46:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:2304",
"initial_release_date": "2019-08-06T13:42:09+00:00",
"revision_history": [
{
"date": "2019-08-06T13:42:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T13:42:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T12:46:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-static-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"product_id": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.i686",
"product_id": "openssl-static-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686",
"product_id": "openssl-devel-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.i686",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686",
"product_id": "openssl-libs-1:1.0.2k-19.el7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.src",
"product": {
"name": "openssl-1:1.0.2k-19.el7.src",
"product_id": "openssl-1:1.0.2k-19.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-perl-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-static-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-devel-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.s390x",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x",
"product_id": "openssl-libs-1:1.0.2k-19.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.s390",
"product_id": "openssl-static-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390",
"product_id": "openssl-devel-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.s390",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390",
"product_id": "openssl-libs-1:1.0.2k-19.el7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=s390\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-static-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"product_id": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-static-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-devel-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.ppc",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc",
"product_id": "openssl-libs-1:1.0.2k-19.el7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"product": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"product_id": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-19.el7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src"
},
"product_reference": "openssl-1:1.0.2k-19.el7.src",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-19.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-19.el7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T13:42:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T13:42:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Client-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Client-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7ComputeNode-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7ComputeNode-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Server-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Server-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-7.7:openssl-static-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.src",
"7Workstation-optional-7.7:openssl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-debuginfo-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-devel-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-libs-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-perl-1:1.0.2k-19.el7.x86_64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.i686",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.ppc64le",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.s390x",
"7Workstation-optional-7.7:openssl-static-1:1.0.2k-19.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
}
]
}
RHSA-2019_3929
Vulnerability from csaf_redhat - Published: 2019-11-20 16:08 - Updated: 2024-11-22 13:26Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Notes
Topic
Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.
Security Fix(es):
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)
* tomcat: XSS in SSI printenv (CVE-2019-0221)
* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3929",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3929.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
"tracking": {
"current_release_date": "2024-11-22T13:26:19+00:00",
"generator": {
"date": "2024-11-22T13:26:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:3929",
"initial_release_date": "2019-11-20T16:08:26+00:00",
"revision_history": [
{
"date": "2019-11-20T16:08:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-02T16:26:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T13:26:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el8jws?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2019-0199",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat HTTP/2 DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0199"
},
{
"category": "external",
"summary": "RHBZ#1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
}
],
"release_date": "2019-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat HTTP/2 DoS"
},
{
"cve": "CVE-2019-0221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713275"
}
],
"notes": [
{
"category": "description",
"text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: XSS in SSI printenv",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0221"
},
{
"category": "external",
"summary": "RHBZ#1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
}
],
"release_date": "2019-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: XSS in SSI printenv"
},
{
"cve": "CVE-2019-0232",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Apache Tomcat, where a Java Runtime Environment can pass a command-line argument in the Windows operating system. The execution of arbitrary commands via Tomcat\u2019s Common Gateway Interface (CGI) Servlet, allows an attacker to perform remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is specific to the Windows platform\u0027s treatment of file names and how they must be quoted. Tomcat running on Linux hosts is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0232"
},
{
"category": "external",
"summary": "RHBZ#1701056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232"
}
],
"release_date": "2019-04-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution on Windows"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10072",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723708"
}
],
"notes": [
{
"category": "description",
"text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10072"
},
{
"category": "external",
"summary": "RHBZ#1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
}
]
}
RHSA-2019_3931
Vulnerability from csaf_redhat - Published: 2019-11-20 16:04 - Updated: 2024-11-22 13:26Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Notes
Topic
Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.
Security Fix(es):
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* tomcat: XSS in SSI printenv (CVE-2019-0221)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)
* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n \nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) \n* tomcat: XSS in SSI printenv (CVE-2019-0221) \n* openssl: 0-byte record padding oracle (CVE-2019-1559) \n* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3931",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
"tracking": {
"current_release_date": "2024-11-22T13:26:27+00:00",
"generator": {
"date": "2024-11-22T13:26:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:3931",
"initial_release_date": "2019-11-20T16:04:24+00:00",
"revision_history": [
{
"date": "2019-11-20T16:04:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-02T16:22:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T13:26:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5",
"product": {
"name": "Red Hat JBoss Web Server 5",
"product_id": "Red Hat JBoss Web Server 5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2019-0199",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat HTTP/2 DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0199"
},
{
"category": "external",
"summary": "RHBZ#1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
}
],
"release_date": "2019-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat HTTP/2 DoS"
},
{
"cve": "CVE-2019-0221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713275"
}
],
"notes": [
{
"category": "description",
"text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: XSS in SSI printenv",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0221"
},
{
"category": "external",
"summary": "RHBZ#1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
}
],
"release_date": "2019-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: XSS in SSI printenv"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10072",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723708"
}
],
"notes": [
{
"category": "description",
"text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10072"
},
{
"category": "external",
"summary": "RHBZ#1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
}
]
}
VAR-201902-0192
Vulnerability from variot - Updated: 2024-07-23 20:34If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available to download as an OVA file from the Customer Portal. ========================================================================== Ubuntu Security Notice USN-4376-2 July 09, 2020
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Cesar Pereida Garc\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559)
Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. (CVE-2019-1563)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm1
Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.44
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:2304-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2304 Issue date: 2019-08-06 CVE Names: CVE-2018-0734 CVE-2019-1559 ==================================================================== 1. Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
openssl: 0-byte record padding oracle (CVE-2019-1559)
-
openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
ppc64: openssl-1.0.2k-19.el7.ppc64.rpm openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-devel-1.0.2k-19.el7.ppc.rpm openssl-devel-1.0.2k-19.el7.ppc64.rpm openssl-libs-1.0.2k-19.el7.ppc.rpm openssl-libs-1.0.2k-19.el7.ppc64.rpm
ppc64le: openssl-1.0.2k-19.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-devel-1.0.2k-19.el7.ppc64le.rpm openssl-libs-1.0.2k-19.el7.ppc64le.rpm
s390x: openssl-1.0.2k-19.el7.s390x.rpm openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-devel-1.0.2k-19.el7.s390.rpm openssl-devel-1.0.2k-19.el7.s390x.rpm openssl-libs-1.0.2k-19.el7.s390.rpm openssl-libs-1.0.2k-19.el7.s390x.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-perl-1.0.2k-19.el7.ppc64.rpm openssl-static-1.0.2k-19.el7.ppc.rpm openssl-static-1.0.2k-19.el7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-perl-1.0.2k-19.el7.ppc64le.rpm openssl-static-1.0.2k-19.el7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-perl-1.0.2k-19.el7.s390x.rpm openssl-static-1.0.2k-19.el7.s390.rpm openssl-static-1.0.2k-19.el7.s390x.rpm
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2019-1559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97 fW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM WQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM B39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q /LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ uX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F JbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A gLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0 veL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x IcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx zBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm BtpJTAdr1kE=7kKR -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):
1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions
1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled
1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle
1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug
1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service
1702223 - Rebase RHV-H on RHEL 7.7
1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment
1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
1720156 - RHVH 4.3.4 version info is incorrect in plymouth and "/etc/os-release"
1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe
1720310 - RHV-H post-installation scripts failing, due to existing tags
1720434 - RHVH 7.7 brand is wrong in Anaconda GUI.
1720435 - Failed to install RHVH 7.7
1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation.
1724044 - Failed dependencies occur during install systemtap package.
1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer
1727007 - Update RHVH 7.7 branding with new Red Hat logo
1727859 - Failed to boot after upgrading a host with a custom kernel
1728998 - "nodectl info" displays error after RHVH installation
1729023 - The error message is inappropriate when run imgbase layout --init on current layout
This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt. It was reported to OpenSSL on 10th December 2018.
Note: Advisory updated to make it clearer that AEAD ciphersuites are not impacted.
Note
OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20190226.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.9.0"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "hyper converged infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-iq centralized management",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "7.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "services tools bundle",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "a800",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5.0"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.0"
},
{
"model": "storagegrid",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.0"
},
{
"model": "a220",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.0.20"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "communications performance intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.2"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.3"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "traffix signaling delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "5.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.8"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.0.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "c190",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "agent",
"scope": "lte",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.6.4"
},
{
"model": "traffix signaling delivery controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "5.1.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.43"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "threat intelligence exchange server",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "3.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-iq centralized management",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "7.0.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.17.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.5"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.2.3"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0.0"
},
{
"model": "traffix signaling delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.1.8"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.0.0"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "9.0.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "virtualization host",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "altavault",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.3.1"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "9.0.2"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "snapdrive",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "storage automation store",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.1.0"
},
{
"model": "threat intelligence exchange server",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.0"
},
{
"model": "oncommand unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-iq centralized management",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "6.0.0"
},
{
"model": "snapprotect",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "storagegrid",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.4"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "fas2750",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.8.1"
},
{
"model": "fas2720",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.0.0"
},
{
"model": "big-iq centralized management",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "6.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.16"
},
{
"model": "data exchange layer",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "4.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "cn1610",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.15.1"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "a320",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "data exchange layer",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "6.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "agent",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.6.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2r"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "jp1/snmp system observer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/operations analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "job management system partern 1/automatic job management system 3",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "storagegrid webscale",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "nessus",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "jp1/automatic job management system 3",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "traffix sdc",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "jp1/data highway",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "openssl",
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "santricity smi-s provider",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/it desktop management 2",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ontap select deploy",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "snapdrive",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand unified manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/automatic operation",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hyper converged infrastructure",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.2r",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.4",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.15",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.25",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.43",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.14",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.8",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.2",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.1.15",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.17.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.15.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt,Red Hat,Slackware Security Team,Juraj Somorovsky",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1559",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-1559",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-147651",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1559",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-1559",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-956",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-147651",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-1559",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available\nto download as an OVA file from the Customer Portal. ==========================================================================\nUbuntu Security Notice USN-4376-2\nJuly 09, 2020\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Cesar Pereida Garc\\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,\n Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL\n incorrectly handled ECDSA signatures. An attacker could possibly use this\n issue to perform a timing side-channel attack and recover private ECDSA\n keys. A remote attacker could possibly use this issue to decrypt\n data. (CVE-2019-1559)\n\n Bernd Edlinger discovered that OpenSSL incorrectly handled certain\n decryption functions. (CVE-2019-1563)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n libssl1.0.0 1.0.1f-1ubuntu2.27+esm1\n\nUbuntu 12.04 ESM:\n libssl1.0.0 1.0.1-4ubuntu5.44\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: openssl security and bug fix update\nAdvisory ID: RHSA-2019:2304-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2304\nIssue date: 2019-08-06\nCVE Names: CVE-2018-0734 CVE-2019-1559\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* openssl: timing side channel attack in the DSA signature algorithm\n(CVE-2018-0734)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-19.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-devel-1.0.2k-19.el7.ppc.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64.rpm\nopenssl-libs-1.0.2k-19.el7.ppc.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-19.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-devel-1.0.2k-19.el7.s390.rpm\nopenssl-devel-1.0.2k-19.el7.s390x.rpm\nopenssl-libs-1.0.2k-19.el7.s390.rpm\nopenssl-libs-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64.rpm\nopenssl-static-1.0.2k-19.el7.ppc.rpm\nopenssl-static-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-static-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-perl-1.0.2k-19.el7.s390x.rpm\nopenssl-static-1.0.2k-19.el7.s390.rpm\nopenssl-static-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2019-1559\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97\nfW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM\nWQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM\nB39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q\n/LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ\nuX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F\nJbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A\ngLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0\nveL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x\nIcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx\nzBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm\nBtpJTAdr1kE=7kKR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe following packages have been upgraded to a later upstream version:\nimgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host\n(4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):\n\n1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions\n1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n1702223 - Rebase RHV-H on RHEL 7.7\n1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment\n1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc\n1720156 - RHVH 4.3.4 version info is incorrect in plymouth and \"/etc/os-release\"\n1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe\n1720310 - RHV-H post-installation scripts failing, due to existing tags\n1720434 - RHVH 7.7 brand is wrong in Anaconda GUI. \n1720435 - Failed to install RHVH 7.7\n1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation. \n1724044 - Failed dependencies occur during install systemtap package. \n1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer\n1727007 - Update RHVH 7.7 branding with new Red Hat logo\n1727859 - Failed to boot after upgrading a host with a custom kernel\n1728998 - \"nodectl info\" displays error after RHVH installation\n1729023 - The error message is inappropriate when run `imgbase layout --init` on current layout\n\n6. \n\nThis issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram,\nwith additional investigation by Steven Collison and Andrew Hourselt. It was\nreported to OpenSSL on 10th December 2018. \n\nNote: Advisory updated to make it clearer that AEAD ciphersuites are not impacted. \n\nNote\n====\n\nOpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support\nfor 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th\nSeptember 2019. Users of these versions should upgrade to OpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20190226.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1559",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TNS-2019-03",
"trust": 1.8
},
{
"db": "TENABLE",
"id": "TNS-2019-02",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10282",
"trust": 1.8
},
{
"db": "BID",
"id": "107174",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "151886",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158377",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155415",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4479.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3729",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0102",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2383",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3462",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0487",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0620",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0751.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4558",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0192",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4479",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0032",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4255",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4297",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0666",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3390.4",
"trust": 0.6
},
{
"db": "PULSESECURE",
"id": "SA44019",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "151885",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151918",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154042",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-147651",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1559",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154009",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155413",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169635",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"id": "VAR-201902-0192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
}
],
"trust": 0.36447732666666666
},
"last_update_date": "2024-07-23T20:34:36.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2019-132 Software product security information",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"title": "OpenSSL Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89673"
},
{
"title": "Red Hat: Moderate: openssl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192304 - security advisory"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192471 - security advisory"
},
{
"title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3899-1"
},
{
"title": "Debian Security Advisories: DSA-4400-1 openssl1.0 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=675a6469b3fad3c9a56addc922ae8d9d"
},
{
"title": "Red Hat: Moderate: rhvm-appliance security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192439 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193929 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193931 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Virtualization security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192437 - security advisory"
},
{
"title": "Red Hat: CVE-2019-1559",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-1559"
},
{
"title": "Arch Linux Advisories: [ASA-201903-2] openssl-1.0: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-2"
},
{
"title": "Arch Linux Advisories: [ASA-201903-6] lib32-openssl-1.0: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-6"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-1559"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1188",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1188"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1362",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1362"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1188",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1188"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=884ffe1be805ead0a804f06f7c14072c"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1092f7b64100b0110232688947fb97ed"
},
{
"title": "IBM: IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b4ff04f16b62df96980d37251dc9ae0"
},
{
"title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7856a174f729c96cf2ba970cfef5f604"
},
{
"title": "IBM: IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04a72ac59f1cc3a5b02c155d941c5cfd"
},
{
"title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9c55c211aa2410823d4d568143afa117"
},
{
"title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c233af3070d7248dcbafadb6b367e2a1"
},
{
"title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7ceb7cf440b088f91358d1c597d5a414"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c0b11f80d1ecd798a97f3bda2b68f830"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12860155d0bf31ea6e2e3ffcef7ea7e0"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2709308a62e1e2fafc2e4989ef440aa3"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1b873a45dce8bb56ff011908a9402b67"
},
{
"title": "IBM: IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE\u2019s (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=aae1f2192c5cf9375ed61f7a27d08f64"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8b00742d4b57e0eaab4fd3f9a2125634"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 \u0026 GCM32 and LCM8 \u0026 LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ca67e77b9edd2ad304d2f2da1853223f"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac5ccbde4e4ddbcabd10cacf82487a11"
},
{
"title": "IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5fc1433ca504461e3bbb1d30e408592c"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-112"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-132"
},
{
"title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662"
},
{
"title": "Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the April 2019 CPU",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5f1bd0287d0770973261ab8500c6982b"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus \u0026 IBM App Connect Enterprise V11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1a7cb34592ef045ece1d2b32c150f2a2"
},
{
"title": "IBM: IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=28830011b173eee360fbb2a55c68c9d3"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8db7a9036f52f1664d12ac73d7a3506f"
},
{
"title": "IBM: IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b74f45222d8029af7ffef49314f6056"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-03"
},
{
"title": "Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=b508c983da563a8786bf80c360afb887"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Automatic Job Management System 3 - Web Operation Assistant",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-121"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=217c2f4028735d91500e325e8ba1cbba"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=a16107c1f899993837417057168db200"
},
{
"title": "IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=00b8bc7d11e5484e8721f3f62ec2ce87"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=423d1da688755122eb2591196e4cc160"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1e6142e07a3e9637110bdfa17e331459"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a47e10150b300f15d2fd55b9cdaed12d"
},
{
"title": "Tenable Security Advisories: [R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-02"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-1559 "
},
{
"title": "Centos-6-openssl-1.0.1e-58.pd1trfir",
"trust": 0.1,
"url": "https://github.com/datourist/centos-6-openssl-1.0.1e-58.pd1trfir "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/tls-attacker/tls-padding-oracles "
},
{
"title": "TLS-Padding-Oracles",
"trust": 0.1,
"url": "https://github.com/rub-nds/tls-padding-oracles "
},
{
"title": "vyger",
"trust": 0.1,
"url": "https://github.com/mrodden/vyger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.securityfocus.com/bid/107174"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3929"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3931"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559"
},
{
"trust": 2.0,
"url": "https://access.redhat.com/errata/rhsa-2019:2304"
},
{
"trust": 1.9,
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2437"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2439"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2471"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10282"
},
{
"trust": 1.2,
"url": "https://support.f5.com/csp/article/k18549143"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
},
{
"trust": 0.6,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory30.asc"
},
{
"trust": 0.6,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44019/?l=en_us\u0026atype=sa\u0026fs=search\u0026pn=1\u0026atype=sa"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html"
},
{
"trust": 0.6,
"url": "https://github.com/rub-nds/tls-padding-oracles"
},
{
"trust": 0.6,
"url": "http://openssl.org/"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://support.symantec.com/us/en/article.symsa1490.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170328"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170340"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170334"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170322"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170352"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170346"
},
{
"trust": 0.6,
"url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190572-1/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4212-1/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115655"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115649"
},
{
"trust": 0.6,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/ hitachi-sec-2019-132/index.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/2016771"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/2020677"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/2027745"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126581"
},
{
"trust": 0.6,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-132/index.html"
},
{
"trust": 0.6,
"url": "http://www.ubuntu.com/usn/usn-3899-1"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76438"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4405/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1116357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4558/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4479/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3729/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76230"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0032/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0487/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115643"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/openssl-1-0-2-information-disclosure-via-0-byte-record-padding-oracle-28600"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/3517185"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167202"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-siem-is-missing-a-required-cryptographic-step-cve-2019-1559/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0192/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3462/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155415/red-hat-security-advisory-2019-3929-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76782"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-the-following-opensll-vulnerability/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2383/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4255/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4297/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0102/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143442"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1105965"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158377/ubuntu-security-notice-usn-4376-2.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106553"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affect-ibm-netezza-host-management/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/151886/slackware-security-advisory-openssl-updates.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-1559"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16881"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10072"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10282"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-1559"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4376-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4376-2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3899-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.15"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10139"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-147651"
},
{
"date": "2019-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"date": "2019-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"date": "2019-08-12T17:13:13",
"db": "PACKETSTORM",
"id": "154009"
},
{
"date": "2020-07-09T18:42:27",
"db": "PACKETSTORM",
"id": "158377"
},
{
"date": "2019-11-20T20:32:22",
"db": "PACKETSTORM",
"id": "155413"
},
{
"date": "2019-02-27T19:19:00",
"db": "PACKETSTORM",
"id": "151885"
},
{
"date": "2019-11-20T20:44:44",
"db": "PACKETSTORM",
"id": "155415"
},
{
"date": "2019-08-06T21:09:19",
"db": "PACKETSTORM",
"id": "153932"
},
{
"date": "2019-08-12T17:13:02",
"db": "PACKETSTORM",
"id": "154008"
},
{
"date": "2019-02-26T12:12:12",
"db": "PACKETSTORM",
"id": "169635"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"date": "2019-02-27T23:29:00.277000",
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-147651"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"date": "2021-07-15T06:04:00",
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"date": "2022-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"date": "2023-11-07T03:08:30.953000",
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
],
"trust": 0.6
}
}
CNVD-2019-05906
Vulnerability from cnvd - Published: 2019-03-02
VLAI Severity ?
Title
OpenSSL信息泄露漏洞(CNVD-2019-05906)
Description
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。
OpenSSL 1.0.2版本中存在安全漏洞。攻击者可利用该漏洞绕过访问限制,获取敏感信息。
Severity
中
Patch Name
OpenSSL信息泄露漏洞(CNVD-2019-05906)的补丁
Patch Description
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。
OpenSSL 1.0.2版本中存在安全漏洞。攻击者可利用该漏洞绕过访问限制,获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.openssl.org/news/secadv/20190226.txt
Reference
https://www.openssl.org/news/secadv/20190226.txt
Impacted products
| Name | OpenSSL Project OpenSSL 1.0.2 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-1559",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559"
}
},
"description": "OpenSSL\u662fOpenSSL\u56e2\u961f\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u80fd\u591f\u5b9e\u73b0\u5b89\u5168\u5957\u63a5\u5c42\uff08SSLv2/v3\uff09\u548c\u5b89\u5168\u4f20\u8f93\u5c42\uff08TLSv1\uff09\u534f\u8bae\u7684\u901a\u7528\u52a0\u5bc6\u5e93\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u5bc6\u7801\u3001\u54c8\u5e0c\u7b97\u6cd5\u3001\u5b89\u5168\u6563\u5217\u7b97\u6cd5\u7b49\u3002\n\nOpenSSL 1.0.2\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.openssl.org/news/secadv/20190226.txt",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-05906",
"openTime": "2019-03-02",
"patchDescription": "OpenSSL\u662fOpenSSL\u56e2\u961f\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u80fd\u591f\u5b9e\u73b0\u5b89\u5168\u5957\u63a5\u5c42\uff08SSLv2/v3\uff09\u548c\u5b89\u5168\u4f20\u8f93\u5c42\uff08TLSv1\uff09\u534f\u8bae\u7684\u901a\u7528\u52a0\u5bc6\u5e93\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u5bc6\u7801\u3001\u54c8\u5e0c\u7b97\u6cd5\u3001\u5b89\u5168\u6563\u5217\u7b97\u6cd5\u7b49\u3002\r\n\r\nOpenSSL 1.0.2\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "OpenSSL\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-05906\uff09\u7684\u8865\u4e01",
"products": {
"product": "OpenSSL Project OpenSSL 1.0.2"
},
"referenceLink": "https://www.openssl.org/news/secadv/20190226.txt",
"serverity": "\u4e2d",
"submitTime": "2019-02-28",
"title": "OpenSSL\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-05906\uff09"
}
GSD-2019-1559
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-1559",
"description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"id": "GSD-2019-1559",
"references": [
"https://www.suse.com/security/cve/CVE-2019-1559.html",
"https://www.debian.org/security/2019/dsa-4400",
"https://access.redhat.com/errata/RHBA-2020:0547",
"https://access.redhat.com/errata/RHSA-2019:3931",
"https://access.redhat.com/errata/RHSA-2019:3929",
"https://access.redhat.com/errata/RHSA-2019:2471",
"https://access.redhat.com/errata/RHSA-2019:2439",
"https://access.redhat.com/errata/RHSA-2019:2437",
"https://access.redhat.com/errata/RHSA-2019:2304",
"https://ubuntu.com/security/CVE-2019-1559",
"https://advisories.mageia.org/CVE-2019-1559.html",
"https://security.archlinux.org/CVE-2019-1559",
"https://alas.aws.amazon.com/cve/html/CVE-2019-1559.html",
"https://linux.oracle.com/cve/CVE-2019-1559.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-1559"
],
"details": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"id": "GSD-2019-1559",
"modified": "2023-12-13T01:23:51.760012Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2019-02-26",
"ID": "CVE-2019-1559",
"STATE": "PUBLIC",
"TITLE": "0-byte record padding oracle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Padding Oracle"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"name": "https://www.openssl.org/news/secadv/20190226.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"name": "https://support.f5.com/csp/article/K18549143",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"name": "https://www.tenable.com/security/tns-2019-02",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "https://www.tenable.com/security/tns-2019-03",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.2r",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.4",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.25",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.15",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.43",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.14",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.8",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.2",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.1.15",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.17.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.15.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"ID": "CVE-2019-1559"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssl.org/news/secadv/20190226.txt",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"name": "USN-3899-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "107174",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "DSA-4400",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
"refsource": "CONFIRM",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "https://support.f5.com/csp/article/K18549143",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"name": "https://www.tenable.com/security/tns-2019-02",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"name": "openSUSE-SU-2019:1076",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1175",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1173",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.tenable.com/security/tns-2019-03",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"name": "openSUSE-SU-2019:1432",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2304",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2439",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2471",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"refsource": "UBUNTU",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-08-19T11:14Z",
"publishedDate": "2019-02-27T23:29Z"
}
}
}
NCSC-2024-0239
Vulnerability from csaf_ncscnl - Published: 2024-06-07 06:26 - Updated: 2024-06-07 06:26Summary
Kwetsbaarheden verholpen in Solarwinds Platform
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Solarwinds heeft kwetsbaarheden verholpen in Solarwinds Platform.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, een command-injection uit te voeren, of om een Cross-Site-Scripting-aanval uit te voeren. Een dergelijke aanval kan leiden tot uitvoer van willekeurige code in de browser van het slachtoffer.
Voor succesvol misbruik moet de kwaadwillende voorafgaande authenticatie hebben.
Oplossingen
Solarwinds heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Solarwinds Platform 2024.2
In deze updates zijn tevens kwetsbaarheden verholpen in onderliggende third-party software waar het platform gebruik van maakt. Voor deze kwetsbaarheden zijn eerdere beveiligingsadviezen gepubliceerd.
Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-125
Out-of-bounds Read
CWE-190
Integer Overflow or Wraparound
CWE-20
Improper Input Validation
CWE-325
Missing Cryptographic Step
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-385
Covert Timing Channel
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-682
Incorrect Calculation
CWE-704
Incorrect Type Conversion or Cast
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Solarwinds heeft kwetsbaarheden verholpen in Solarwinds Platform.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, een command-injection uit te voeren, of om een Cross-Site-Scripting-aanval uit te voeren. Een dergelijke aanval kan leiden tot uitvoer van willekeurige code in de browser van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende voorafgaande authenticatie hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Solarwinds heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Solarwinds Platform 2024.2\n\nIn deze updates zijn tevens kwetsbaarheden verholpen in onderliggende third-party software waar het platform gebruik van maakt. Voor deze kwetsbaarheden zijn eerdere beveiligingsadviezen gepubliceerd.\n\nZie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Incorrect Calculation",
"title": "CWE-682"
},
{
"category": "general",
"text": "Incorrect Type Conversion or Cast",
"title": "CWE-704"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"title": "CWE-89"
},
{
"category": "general",
"text": "Permissive Cross-domain Policy with Untrusted Domains",
"title": "CWE-942"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004"
}
],
"title": "Kwetsbaarheden verholpen in Solarwinds Platform",
"tracking": {
"current_release_date": "2024-06-07T06:26:01.172456Z",
"id": "NCSC-2024-0239",
"initial_release_date": "2024-06-07T06:26:01.172456Z",
"revision_history": [
{
"date": "2024-06-07T06:26:01.172456Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "solarwinds_platform_",
"product": {
"name": "solarwinds_platform_",
"product_id": "CSAFPID-1463738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:solarwinds_:solarwinds_platform_:2024.1.1_and_previous_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "solarwinds_platform",
"product": {
"name": "solarwinds_platform",
"product_id": "CSAFPID-1463740",
"product_identification_helper": {
"cpe": "cpe:2.3:a:solarwinds_:solarwinds_platform:2024.1.1_and_previous_versions_:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "solarwinds_"
},
{
"branches": [
{
"category": "product_name",
"name": "orion_platform",
"product": {
"name": "orion_platform",
"product_id": "CSAFPID-1463455",
"product_identification_helper": {
"cpe": "cpe:2.3:a:solarwinds:orion_platform:2024.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "orion_platform",
"product": {
"name": "orion_platform",
"product_id": "CSAFPID-1463456",
"product_identification_helper": {
"cpe": "cpe:2.3:a:solarwinds:orion_platform:2024.1.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "solarwinds_platform_",
"product": {
"name": "solarwinds_platform_",
"product_id": "CSAFPID-1463739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:solarwinds:solarwinds_platform_:2024.1.1_and_previous_versions_:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "solarwinds"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3736",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"notes": [
{
"category": "other",
"text": "Incorrect Calculation",
"title": "CWE-682"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2017-3736",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-3736.json"
}
],
"title": "CVE-2017-3736"
},
{
"cve": "CVE-2018-0732",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2018-0732",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2018/CVE-2018-0732.json"
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2018-0737",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2018/CVE-2018-0737.json"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2019-1559",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-1559.json"
}
],
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2020-1971",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2020-1971",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1971.json"
}
],
"title": "CVE-2020-1971"
},
{
"cve": "CVE-2021-3712",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-3712",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-3712.json"
}
],
"title": "CVE-2021-3712"
},
{
"cve": "CVE-2021-4321",
"cwe": {
"id": "CWE-942",
"name": "Permissive Cross-domain Policy with Untrusted Domains"
},
"notes": [
{
"category": "other",
"text": "Permissive Cross-domain Policy with Untrusted Domains",
"title": "CWE-942"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-4321",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-4321.json"
}
],
"title": "CVE-2021-4321"
},
{
"cve": "CVE-2021-23840",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2021-23840",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23840.json"
}
],
"title": "CVE-2021-23840"
},
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2022-0778",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0778.json"
}
],
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2023-0215",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0215",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0215.json"
}
],
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "other",
"text": "Incorrect Type Conversion or Cast",
"title": "CWE-704"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-0286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0286.json"
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2024-28996",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"title": "CWE-89"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1463739"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28996",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28996.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1463739"
]
}
],
"title": "CVE-2024-28996"
},
{
"cve": "CVE-2024-28999",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1463740"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1463740"
]
}
],
"title": "CVE-2024-28999"
},
{
"cve": "CVE-2024-29004",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1463738"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29004",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29004.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1463738"
]
}
],
"title": "CVE-2024-29004"
}
]
}
GHSA-9CCQ-7HVH-CV7P
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI?
Details
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Severity ?
5.9 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-1559"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-27T23:29:00Z",
"severity": "MODERATE"
},
"details": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"id": "GHSA-9ccq-7hvh-cv7p",
"modified": "2022-05-13T01:03:06Z",
"published": "2022-05-13T01:03:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4376-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3899-1"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190301-0002"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190301-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107174"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…