libcrypto38-2.5.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10309 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libcrypto38-2.5.0-1.1 on GA media These are all security issues fixed in the libcrypto38-2.5.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10309 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10309 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-3502/ SUSE CVE CVE-2014-3502 page https://www.suse.com/security/cve/CVE-2014-3506/ SUSE CVE CVE-2014-3506 page https://www.suse.com/security/cve/CVE-2014-3507/ SUSE CVE CVE-2014-3507 page https://www.suse.com/security/cve/CVE-2014-3508/ SUSE CVE CVE-2014-3508 page https://www.suse.com/security/cve/CVE-2014-3509/ SUSE CVE CVE-2014-3509 page https://www.suse.com/security/cve/CVE-2014-3510/ SUSE CVE CVE-2014-3510 page https://www.suse.com/security/cve/CVE-2014-3511/ SUSE CVE CVE-2014-3511 page https://www.suse.com/security/cve/CVE-2014-3512/ SUSE CVE CVE-2014-3512 page https://www.suse.com/security/cve/CVE-2014-3570/ SUSE CVE CVE-2014-3570 page https://www.suse.com/security/cve/CVE-2014-3572/ SUSE CVE CVE-2014-3572 page https://www.suse.com/security/cve/CVE-2014-5139/ SUSE CVE CVE-2014-5139 page https://www.suse.com/security/cve/CVE-2014-8176/ SUSE CVE CVE-2014-8176 page https://www.suse.com/security/cve/CVE-2014-8275/ SUSE CVE CVE-2014-8275 page https://www.suse.com/security/cve/CVE-2015-0205/ SUSE CVE CVE-2015-0205 page https://www.suse.com/security/cve/CVE-2015-0206/ SUSE CVE CVE-2015-0206 page https://www.suse.com/security/cve/CVE-2015-0209/ SUSE CVE CVE-2015-0209 page https://www.suse.com/security/cve/CVE-2015-0286/ SUSE CVE CVE-2015-0286 page https://www.suse.com/security/cve/CVE-2015-0287/ SUSE CVE CVE-2015-0287 page https://www.suse.com/security/cve/CVE-2015-0288/ SUSE CVE CVE-2015-0288 page https://www.suse.com/security/cve/CVE-2015-0289/ SUSE CVE CVE-2015-0289 page https://www.suse.com/security/cve/CVE-2015-1788/ SUSE CVE CVE-2015-1788 page https://www.suse.com/security/cve/CVE-2015-1789/ SUSE CVE CVE-2015-1789 page https://www.suse.com/security/cve/CVE-2015-1790/ SUSE CVE CVE-2015-1790 page https://www.suse.com/security/cve/CVE-2015-1792/ SUSE CVE CVE-2015-1792 page https://www.suse.com/security/cve/CVE-2015-3194/ SUSE CVE CVE-2015-3194 page https://www.suse.com/security/cve/CVE-2015-3195/ SUSE CVE CVE-2015-3195 page https://www.suse.com/security/cve/CVE-2015-4000/ SUSE CVE CVE-2015-4000 page https://www.suse.com/security/cve/CVE-2015-5333/ SUSE CVE CVE-2015-5333 page https://www.suse.com/security/cve/CVE-2015-5334/ SUSE CVE CVE-2015-5334 page https://www.suse.com/security/cve/CVE-2016-0702/ SUSE CVE CVE-2016-0702 page openSUSE Tumbleweed libcrypto38-2.5.0-1.1 libcrypto38-32bit-2.5.0-1.1 libressl-2.5.0-1.1 libressl-devel-2.5.0-1.1 libressl-devel-32bit-2.5.0-1.1 libressl-devel-doc-2.5.0-1.1 libssl39-2.5.0-1.1 libssl39-32bit-2.5.0-1.1 libtls11-2.5.0-1.1 libtls11-32bit-2.5.0-1.1 libcrypto38-2.5.0-1.1 as a component of openSUSE Tumbleweed libcrypto38-32bit-2.5.0-1.1 as a component of openSUSE Tumbleweed libressl-2.5.0-1.1 as a component of openSUSE Tumbleweed libressl-devel-2.5.0-1.1 as a component of openSUSE Tumbleweed libressl-devel-32bit-2.5.0-1.1 as a component of openSUSE Tumbleweed libressl-devel-doc-2.5.0-1.1 as a component of openSUSE Tumbleweed libssl39-2.5.0-1.1 as a component of openSUSE Tumbleweed libssl39-32bit-2.5.0-1.1 as a component of openSUSE Tumbleweed libtls11-2.5.0-1.1 as a component of openSUSE Tumbleweed libtls11-32bit-2.5.0-1.1 as a component of openSUSE Tumbleweed Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. CVE-2014-3502 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3502.html CVE-2014-3502 d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. CVE-2014-3506 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3506.html CVE-2014-3506 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/890768 SUSE Bug 890768 https://bugzilla.suse.com/905106 SUSE Bug 905106 Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. CVE-2014-3507 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3507.html CVE-2014-3507 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/890769 SUSE Bug 890769 https://bugzilla.suse.com/905106 SUSE Bug 905106 The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. CVE-2014-3508 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3508.html CVE-2014-3508 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/950708 SUSE Bug 950708 Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data. CVE-2014-3509 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3509.html CVE-2014-3509 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890766 SUSE Bug 890766 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. CVE-2014-3510 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3510.html CVE-2014-3510 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890764 SUSE Bug 890764 https://bugzilla.suse.com/890770 SUSE Bug 890770 https://bugzilla.suse.com/905106 SUSE Bug 905106 The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. CVE-2014-3511 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3511.html CVE-2014-3511 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890771 SUSE Bug 890771 Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. CVE-2014-3512 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3512.html CVE-2014-3512 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890772 SUSE Bug 890772 The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. CVE-2014-3570 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3570.html CVE-2014-3570 https://bugzilla.suse.com/912296 SUSE Bug 912296 https://bugzilla.suse.com/915848 SUSE Bug 915848 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/944456 SUSE Bug 944456 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. CVE-2014-3572 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3572.html CVE-2014-3572 https://bugzilla.suse.com/912015 SUSE Bug 912015 https://bugzilla.suse.com/915848 SUSE Bug 915848 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. CVE-2014-5139 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5139.html CVE-2014-5139 https://bugzilla.suse.com/886831 SUSE Bug 886831 https://bugzilla.suse.com/890759 SUSE Bug 890759 https://bugzilla.suse.com/890765 SUSE Bug 890765 The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data. CVE-2014-8176 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8176.html CVE-2014-8176 https://bugzilla.suse.com/1148697 SUSE Bug 1148697 https://bugzilla.suse.com/934494 SUSE Bug 934494 https://bugzilla.suse.com/934666 SUSE Bug 934666 https://bugzilla.suse.com/986238 SUSE Bug 986238 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. CVE-2014-8275 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8275.html CVE-2014-8275 https://bugzilla.suse.com/912018 SUSE Bug 912018 https://bugzilla.suse.com/915848 SUSE Bug 915848 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. CVE-2015-0205 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0205.html CVE-2015-0205 https://bugzilla.suse.com/912293 SUSE Bug 912293 https://bugzilla.suse.com/915848 SUSE Bug 915848 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. CVE-2015-0206 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0206.html CVE-2015-0206 https://bugzilla.suse.com/912292 SUSE Bug 912292 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/937891 SUSE Bug 937891 Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. CVE-2015-0209 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0209.html CVE-2015-0209 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. CVE-2015-0286 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0286.html CVE-2015-0286 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/922496 SUSE Bug 922496 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/951391 SUSE Bug 951391 The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. CVE-2015-0287 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0287.html CVE-2015-0287 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/922499 SUSE Bug 922499 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/968888 SUSE Bug 968888 https://bugzilla.suse.com/991722 SUSE Bug 991722 The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. CVE-2015-0288 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0288.html CVE-2015-0288 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/920236 SUSE Bug 920236 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/951391 SUSE Bug 951391 The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. CVE-2015-0289 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0289.html CVE-2015-0289 https://bugzilla.suse.com/919648 SUSE Bug 919648 https://bugzilla.suse.com/922500 SUSE Bug 922500 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. CVE-2015-1788 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1788.html CVE-2015-1788 https://bugzilla.suse.com/934487 SUSE Bug 934487 https://bugzilla.suse.com/934666 SUSE Bug 934666 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/938432 SUSE Bug 938432 The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. CVE-2015-1789 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1789.html CVE-2015-1789 https://bugzilla.suse.com/934489 SUSE Bug 934489 https://bugzilla.suse.com/934666 SUSE Bug 934666 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/938432 SUSE Bug 938432 https://bugzilla.suse.com/951391 SUSE Bug 951391 The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. CVE-2015-1790 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1790.html CVE-2015-1790 https://bugzilla.suse.com/934491 SUSE Bug 934491 https://bugzilla.suse.com/934666 SUSE Bug 934666 https://bugzilla.suse.com/936586 SUSE Bug 936586 https://bugzilla.suse.com/938432 SUSE Bug 938432 The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. CVE-2015-1792 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1792.html CVE-2015-1792 https://bugzilla.suse.com/934493 SUSE Bug 934493 https://bugzilla.suse.com/934666 SUSE Bug 934666 https://bugzilla.suse.com/937891 SUSE Bug 937891 https://bugzilla.suse.com/986238 SUSE Bug 986238 crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. CVE-2015-3194 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3194.html CVE-2015-3194 https://bugzilla.suse.com/957812 SUSE Bug 957812 https://bugzilla.suse.com/957815 SUSE Bug 957815 https://bugzilla.suse.com/958768 SUSE Bug 958768 https://bugzilla.suse.com/976341 SUSE Bug 976341 https://bugzilla.suse.com/990370 SUSE Bug 990370 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. CVE-2015-3195 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3195.html CVE-2015-3195 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/957812 SUSE Bug 957812 https://bugzilla.suse.com/957815 SUSE Bug 957815 https://bugzilla.suse.com/958768 SUSE Bug 958768 https://bugzilla.suse.com/963977 SUSE Bug 963977 https://bugzilla.suse.com/986238 SUSE Bug 986238 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. CVE-2015-4000 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important 7.3 AV:N/AC:H/Au:N/C:C/I:C/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4000.html CVE-2015-4000 https://bugzilla.suse.com/1074631 SUSE Bug 1074631 https://bugzilla.suse.com/1211968 SUSE Bug 1211968 https://bugzilla.suse.com/931600 SUSE Bug 931600 https://bugzilla.suse.com/931698 SUSE Bug 931698 https://bugzilla.suse.com/931723 SUSE Bug 931723 https://bugzilla.suse.com/931845 SUSE Bug 931845 https://bugzilla.suse.com/932026 SUSE Bug 932026 https://bugzilla.suse.com/932483 SUSE Bug 932483 https://bugzilla.suse.com/934789 SUSE Bug 934789 https://bugzilla.suse.com/935033 SUSE Bug 935033 https://bugzilla.suse.com/935540 SUSE Bug 935540 https://bugzilla.suse.com/935979 SUSE Bug 935979 https://bugzilla.suse.com/937202 SUSE Bug 937202 https://bugzilla.suse.com/937766 SUSE Bug 937766 https://bugzilla.suse.com/938248 SUSE Bug 938248 https://bugzilla.suse.com/938432 SUSE Bug 938432 https://bugzilla.suse.com/938895 SUSE Bug 938895 https://bugzilla.suse.com/938905 SUSE Bug 938905 https://bugzilla.suse.com/938906 SUSE Bug 938906 https://bugzilla.suse.com/938913 SUSE Bug 938913 https://bugzilla.suse.com/938945 SUSE Bug 938945 https://bugzilla.suse.com/943664 SUSE Bug 943664 https://bugzilla.suse.com/944729 SUSE Bug 944729 https://bugzilla.suse.com/945582 SUSE Bug 945582 https://bugzilla.suse.com/955589 SUSE Bug 955589 https://bugzilla.suse.com/980406 SUSE Bug 980406 https://bugzilla.suse.com/990592 SUSE Bug 990592 https://bugzilla.suse.com/994144 SUSE Bug 994144 Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. CVE-2015-5333 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5333.html CVE-2015-5333 https://bugzilla.suse.com/950707 SUSE Bug 950707 https://bugzilla.suse.com/950708 SUSE Bug 950708 Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. CVE-2015-5334 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5334.html CVE-2015-5334 https://bugzilla.suse.com/950707 SUSE Bug 950707 https://bugzilla.suse.com/950708 SUSE Bug 950708 The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. CVE-2016-0702 openSUSE Tumbleweed:libcrypto38-2.5.0-1.1 openSUSE Tumbleweed:libcrypto38-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-32bit-2.5.0-1.1 openSUSE Tumbleweed:libressl-devel-doc-2.5.0-1.1 openSUSE Tumbleweed:libssl39-2.5.0-1.1 openSUSE Tumbleweed:libssl39-32bit-2.5.0-1.1 openSUSE Tumbleweed:libtls11-2.5.0-1.1 openSUSE Tumbleweed:libtls11-32bit-2.5.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0702.html CVE-2016-0702 https://bugzilla.suse.com/1007806 SUSE Bug 1007806 https://bugzilla.suse.com/968044 SUSE Bug 968044 https://bugzilla.suse.com/968050 SUSE Bug 968050 https://bugzilla.suse.com/971238 SUSE Bug 971238 https://bugzilla.suse.com/990370 SUSE Bug 990370