Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-5407 (GCVE-0-2018-5407)
Vulnerability from cvelistv5
Published
2018-11-15 21:00
Modified
2024-08-05 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| N/A | Processors supporting Simultaneous Multi-Threading |
Version: N/A |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:0483",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"name": "USN-3840-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "45785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bbbrumley/portsmash"
},
{
"name": "DSA-4348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name": "105897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105897"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"name": "RHSA-2019:0651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"name": "RHSA-2019:0652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Processors supporting Simultaneous Multi-Threading",
"vendor": "N/A",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"datePublic": "2018-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:46",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "RHSA-2019:0483",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"name": "USN-3840-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "45785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bbbrumley/portsmash"
},
{
"name": "DSA-4348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name": "105897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105897"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"name": "RHSA-2019:0651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"name": "RHSA-2019:0652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Processors supporting Simultaneous Multi-Threading",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "N/A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0483",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"name": "USN-3840-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "https://www.tenable.com/security/tns-2018-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "45785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name": "https://github.com/bbbrumley/portsmash",
"refsource": "MISC",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name": "105897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105897"
},
{
"name": "https://eprint.iacr.org/2018/1060.pdf",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"name": "RHSA-2019:0651",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"name": "RHSA-2019:0652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5407",
"datePublished": "2018-11-15T21:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-5407\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-11-15T21:29:00.233\",\"lastModified\":\"2024-11-21T04:08:45.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.\"},{\"lang\":\"es\",\"value\":\"SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronizaci\u00f3n mediante un ataques de sincronizaci\u00f3n de canal lateral en la \\\"contenci\u00f3n de puertos\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.14.4\",\"matchCriteriaId\":\"4F608F84-5A94-4DC1-A7B8-E19028F96A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.11.4\",\"matchCriteriaId\":\"468A9D35-95E1-473B-A5D3-9BD78818F599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.9.0\",\"matchCriteriaId\":\"48A01678-361E-4F23-B7D6-41B0C145F491\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2\",\"versionEndExcluding\":\"1.0.2q\",\"matchCriteriaId\":\"0DF92E05-808F-4D22-BD55-3571BF46889F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndExcluding\":\"1.1.0i\",\"matchCriteriaId\":\"B64CB987-8B48-4B65-BC6A-B39F1F69F4B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.1.1\",\"matchCriteriaId\":\"0BB469FA-ECF9-42D8-8CF0-7C8B426FD7B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD941CDF-8486-43F7-9D98-2B8785B1B139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDE18990-1FC9-4624-971B-2E87BF0871AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C29F2D-CBE6-4E22-98AE-787E939ED161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCE0E90-495E-4437-8529-3C36441FB69D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.12.3\",\"matchCriteriaId\":\"D2049488-5CE2-4C56-8B0E-BA7C499A7372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12.4\",\"versionEndIncluding\":\"4.1.2\",\"matchCriteriaId\":\"81B25011-AEFA-453D-AF1E-5945AB625767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"7A1E1023-2EB9-4334-9B74-CA71480F71C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84BF6794-2CE6-407F-B8E0-81871AB7B40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F021C23-AB9B-4877-833F-D01359A98762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8ED016-32A1-42EE-844E-3E6B2C116B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A046CC2C-445F-4336-8810-930570B4FEC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92A6A7BA-CCE6-426F-8434-7A578A245180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"B52550D1-38F6-4AAC-BE68-487F7D6DB2D8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E92F9B3-3841-4C05-88F0-CEB0735EA4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105897\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0483\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0651\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0652\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2125\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3929\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3931\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://eprint.iacr.org/2018/1060.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bbbrumley/portsmash\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-10\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181126-0001/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/3840-1/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4348\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4355\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45785/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-16\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-17\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0483\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://eprint.iacr.org/2018/1060.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bbbrumley/portsmash\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181126-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3840-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45785/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
ghsa-3rjg-j575-7f6p
Vulnerability from github
Published
2022-05-13 01:16
Modified
2022-05-13 01:16
Severity ?
VLAI Severity ?
Details
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
{
"affected": [],
"aliases": [
"CVE-2018-5407"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-15T21:29:00Z",
"severity": "MODERATE"
},
"details": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"id": "GHSA-3rjg-j575-7f6p",
"modified": "2022-05-13T01:16:10Z",
"published": "2022-05-13T01:16:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45785"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3840-1"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181126-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"type": "WEB",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
opensuse-su-2024:11126-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media
Notes
Title of the patch
libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media
Description of the patch
These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2u-6.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11126
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2u-6.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11126",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11126-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-2937 page",
"url": "https://www.suse.com/security/cve/CVE-2006-2937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-2940 page",
"url": "https://www.suse.com/security/cve/CVE-2006-2940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-3738 page",
"url": "https://www.suse.com/security/cve/CVE-2006-3738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-4339 page",
"url": "https://www.suse.com/security/cve/CVE-2006-4339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-4343 page",
"url": "https://www.suse.com/security/cve/CVE-2006-4343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3108 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5135 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0891 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1672 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7055 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7056 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3731 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3732 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3735 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3736 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3737 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3738 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0732 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0737 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0739 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1547 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1551 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1551/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1563 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23840 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23841 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3712 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3712/"
}
],
"title": "libopenssl-1_0_0-devel-1.0.2u-6.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11126-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl10-1.0.2u-6.2.aarch64",
"product_id": "libopenssl10-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.aarch64",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.aarch64",
"product_id": "openssl-1_0_0-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl10-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl10-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.ppc64le",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.ppc64le",
"product_id": "openssl-1_0_0-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl10-1.0.2u-6.2.s390x",
"product_id": "libopenssl10-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.s390x",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.s390x",
"product_id": "openssl-1_0_0-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl10-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl10-1.0.2u-6.2.x86_64",
"product_id": "libopenssl10-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"product": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"product_id": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2u-6.2.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2u-6.2.x86_64",
"product_id": "openssl-1_0_0-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"product": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"product_id": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64",
"product": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64",
"product_id": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl10-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl10-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl10-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl10-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl10-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64"
},
"product_reference": "libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64"
},
"product_reference": "openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
},
"product_reference": "openssl-1_0_0-doc-1.0.2u-6.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-2937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-2937"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-2937",
"url": "https://www.suse.com/security/cve/CVE-2006-2937"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-2937",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-2937",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-2937",
"url": "https://bugzilla.suse.com/215623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-2937"
},
{
"cve": "CVE-2006-2940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-2940"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-2940",
"url": "https://www.suse.com/security/cve/CVE-2006-2940"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 208971 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/208971"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/215623"
},
{
"category": "external",
"summary": "SUSE Bug 223040 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/223040"
},
{
"category": "external",
"summary": "SUSE Bug 992991 for CVE-2006-2940",
"url": "https://bugzilla.suse.com/992991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-2940"
},
{
"cve": "CVE-2006-3738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-3738"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-3738",
"url": "https://www.suse.com/security/cve/CVE-2006-3738"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-3738",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-3738",
"url": "https://bugzilla.suse.com/215623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2006-3738"
},
{
"cve": "CVE-2006-4339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-4339"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-4339",
"url": "https://www.suse.com/security/cve/CVE-2006-4339"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 203595 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/203595"
},
{
"category": "external",
"summary": "SUSE Bug 206636 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/206636"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/215623"
},
{
"category": "external",
"summary": "SUSE Bug 218303 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/218303"
},
{
"category": "external",
"summary": "SUSE Bug 233584 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/233584"
},
{
"category": "external",
"summary": "SUSE Bug 564512 for CVE-2006-4339",
"url": "https://bugzilla.suse.com/564512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-4339"
},
{
"cve": "CVE-2006-4343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-4343"
}
],
"notes": [
{
"category": "general",
"text": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-4343",
"url": "https://www.suse.com/security/cve/CVE-2006-4343"
},
{
"category": "external",
"summary": "SUSE Bug 202366 for CVE-2006-4343",
"url": "https://bugzilla.suse.com/202366"
},
{
"category": "external",
"summary": "SUSE Bug 207635 for CVE-2006-4343",
"url": "https://bugzilla.suse.com/207635"
},
{
"category": "external",
"summary": "SUSE Bug 215623 for CVE-2006-4343",
"url": "https://bugzilla.suse.com/215623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-4343"
},
{
"cve": "CVE-2007-3108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3108"
}
],
"notes": [
{
"category": "general",
"text": "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3108",
"url": "https://www.suse.com/security/cve/CVE-2007-3108"
},
{
"category": "external",
"summary": "SUSE Bug 296511 for CVE-2007-3108",
"url": "https://bugzilla.suse.com/296511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3108"
},
{
"cve": "CVE-2007-5135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5135"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5135",
"url": "https://www.suse.com/security/cve/CVE-2007-5135"
},
{
"category": "external",
"summary": "SUSE Bug 329208 for CVE-2007-5135",
"url": "https://bugzilla.suse.com/329208"
},
{
"category": "external",
"summary": "SUSE Bug 331726 for CVE-2007-5135",
"url": "https://bugzilla.suse.com/331726"
},
{
"category": "external",
"summary": "SUSE Bug 363663 for CVE-2007-5135",
"url": "https://bugzilla.suse.com/363663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-5135"
},
{
"cve": "CVE-2008-0891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0891"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0891",
"url": "https://www.suse.com/security/cve/CVE-2008-0891"
},
{
"category": "external",
"summary": "SUSE Bug 394317 for CVE-2008-0891",
"url": "https://bugzilla.suse.com/394317"
},
{
"category": "external",
"summary": "SUSE Bug 404511 for CVE-2008-0891",
"url": "https://bugzilla.suse.com/404511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0891"
},
{
"cve": "CVE-2008-1672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1672"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular cipher suites,\" which triggers a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1672",
"url": "https://www.suse.com/security/cve/CVE-2008-1672"
},
{
"category": "external",
"summary": "SUSE Bug 394317 for CVE-2008-1672",
"url": "https://bugzilla.suse.com/394317"
},
{
"category": "external",
"summary": "SUSE Bug 404511 for CVE-2008-1672",
"url": "https://bugzilla.suse.com/404511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1672"
},
{
"cve": "CVE-2016-7055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7055"
}
],
"notes": [
{
"category": "general",
"text": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7055",
"url": "https://www.suse.com/security/cve/CVE-2016-7055"
},
{
"category": "external",
"summary": "SUSE Bug 1009528 for CVE-2016-7055",
"url": "https://bugzilla.suse.com/1009528"
},
{
"category": "external",
"summary": "SUSE Bug 1021641 for CVE-2016-7055",
"url": "https://bugzilla.suse.com/1021641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2016-7055"
},
{
"cve": "CVE-2016-7056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7056"
}
],
"notes": [
{
"category": "general",
"text": "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7056",
"url": "https://www.suse.com/security/cve/CVE-2016-7056"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-7056",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1019334 for CVE-2016-7056",
"url": "https://bugzilla.suse.com/1019334"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-7056",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-7056"
},
{
"cve": "CVE-2017-3731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3731"
}
],
"notes": [
{
"category": "general",
"text": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3731",
"url": "https://www.suse.com/security/cve/CVE-2017-3731"
},
{
"category": "external",
"summary": "SUSE Bug 1021641 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1021641"
},
{
"category": "external",
"summary": "SUSE Bug 1022085 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1022085"
},
{
"category": "external",
"summary": "SUSE Bug 1064118 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1064118"
},
{
"category": "external",
"summary": "SUSE Bug 1064119 for CVE-2017-3731",
"url": "https://bugzilla.suse.com/1064119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3731"
},
{
"cve": "CVE-2017-3732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3732"
}
],
"notes": [
{
"category": "general",
"text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3732",
"url": "https://www.suse.com/security/cve/CVE-2017-3732"
},
{
"category": "external",
"summary": "SUSE Bug 1021641 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1021641"
},
{
"category": "external",
"summary": "SUSE Bug 1022086 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1022086"
},
{
"category": "external",
"summary": "SUSE Bug 1049418 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1049418"
},
{
"category": "external",
"summary": "SUSE Bug 1049421 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1049421"
},
{
"category": "external",
"summary": "SUSE Bug 1049422 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1049422"
},
{
"category": "external",
"summary": "SUSE Bug 1066242 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1066242"
},
{
"category": "external",
"summary": "SUSE Bug 1071906 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/1071906"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2017-3732",
"url": "https://bugzilla.suse.com/957814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-3732"
},
{
"cve": "CVE-2017-3735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3735"
}
],
"notes": [
{
"category": "general",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3735",
"url": "https://www.suse.com/security/cve/CVE-2017-3735"
},
{
"category": "external",
"summary": "SUSE Bug 1056058 for CVE-2017-3735",
"url": "https://bugzilla.suse.com/1056058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2017-3736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3736"
}
],
"notes": [
{
"category": "general",
"text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3736",
"url": "https://www.suse.com/security/cve/CVE-2017-3736"
},
{
"category": "external",
"summary": "SUSE Bug 1066242 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/1066242"
},
{
"category": "external",
"summary": "SUSE Bug 1071906 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/1071906"
},
{
"category": "external",
"summary": "SUSE Bug 1076369 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/1076369"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2017-3736",
"url": "https://bugzilla.suse.com/957814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3736"
},
{
"cve": "CVE-2017-3737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3737"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3737",
"url": "https://www.suse.com/security/cve/CVE-2017-3737"
},
{
"category": "external",
"summary": "SUSE Bug 1071905 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1071905"
},
{
"category": "external",
"summary": "SUSE Bug 1072322 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1072322"
},
{
"category": "external",
"summary": "SUSE Bug 1076369 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1076369"
},
{
"category": "external",
"summary": "SUSE Bug 1089987 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1089987"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-3737",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-3737"
},
{
"cve": "CVE-2017-3738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3738"
}
],
"notes": [
{
"category": "general",
"text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3738",
"url": "https://www.suse.com/security/cve/CVE-2017-3738"
},
{
"category": "external",
"summary": "SUSE Bug 1071906 for CVE-2017-3738",
"url": "https://bugzilla.suse.com/1071906"
},
{
"category": "external",
"summary": "SUSE Bug 1097757 for CVE-2017-3738",
"url": "https://bugzilla.suse.com/1097757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-3738"
},
{
"cve": "CVE-2018-0732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0732"
}
],
"notes": [
{
"category": "general",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0732",
"url": "https://www.suse.com/security/cve/CVE-2018-0732"
},
{
"category": "external",
"summary": "SUSE Bug 1077628 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1077628"
},
{
"category": "external",
"summary": "SUSE Bug 1097158 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "external",
"summary": "SUSE Bug 1099502 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1099502"
},
{
"category": "external",
"summary": "SUSE Bug 1106692 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1106692"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1110163 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1110163"
},
{
"category": "external",
"summary": "SUSE Bug 1112097 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1112097"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0737"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0737",
"url": "https://www.suse.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "SUSE Bug 1089039 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "external",
"summary": "SUSE Bug 1089041 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089041"
},
{
"category": "external",
"summary": "SUSE Bug 1089044 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089044"
},
{
"category": "external",
"summary": "SUSE Bug 1089045 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089045"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1123780 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1123780"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2018-0739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0739"
}
],
"notes": [
{
"category": "general",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0739",
"url": "https://www.suse.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "SUSE Bug 1087102 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1087102"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1089997"
},
{
"category": "external",
"summary": "SUSE Bug 1094291 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1094291"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0739",
"url": "https://bugzilla.suse.com/1108542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-0739"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2019-1547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1547"
}
],
"notes": [
{
"category": "general",
"text": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1547",
"url": "https://www.suse.com/security/cve/CVE-2019-1547"
},
{
"category": "external",
"summary": "SUSE Bug 1150003 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1150003"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1154162"
},
{
"category": "external",
"summary": "SUSE Bug 1154166 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1154166"
},
{
"category": "external",
"summary": "SUSE Bug 1156430 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1156430"
},
{
"category": "external",
"summary": "SUSE Bug 1161085 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1161085"
},
{
"category": "external",
"summary": "SUSE Bug 1205621 for CVE-2019-1547",
"url": "https://bugzilla.suse.com/1205621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-1547"
},
{
"cve": "CVE-2019-1551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1551"
}
],
"notes": [
{
"category": "general",
"text": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1551",
"url": "https://www.suse.com/security/cve/CVE-2019-1551"
},
{
"category": "external",
"summary": "SUSE Bug 1158809 for CVE-2019-1551",
"url": "https://bugzilla.suse.com/1158809"
},
{
"category": "external",
"summary": "SUSE Bug 1205621 for CVE-2019-1551",
"url": "https://bugzilla.suse.com/1205621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-1551"
},
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-1563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1563"
}
],
"notes": [
{
"category": "general",
"text": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1563",
"url": "https://www.suse.com/security/cve/CVE-2019-1563"
},
{
"category": "external",
"summary": "SUSE Bug 1150250 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1150250"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1154162"
},
{
"category": "external",
"summary": "SUSE Bug 1156430 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1156430"
},
{
"category": "external",
"summary": "SUSE Bug 1205621 for CVE-2019-1563",
"url": "https://bugzilla.suse.com/1205621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-1563"
},
{
"cve": "CVE-2021-23840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23840"
}
],
"notes": [
{
"category": "general",
"text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23840",
"url": "https://www.suse.com/security/cve/CVE-2021-23840"
},
{
"category": "external",
"summary": "SUSE Bug 1182333 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1182333"
},
{
"category": "external",
"summary": "SUSE Bug 1187743 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1187743"
},
{
"category": "external",
"summary": "SUSE Bug 1214334 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1214334"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-23840",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23840"
},
{
"cve": "CVE-2021-23841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23841"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23841",
"url": "https://www.suse.com/security/cve/CVE-2021-23841"
},
{
"category": "external",
"summary": "SUSE Bug 1182331 for CVE-2021-23841",
"url": "https://bugzilla.suse.com/1182331"
},
{
"category": "external",
"summary": "SUSE Bug 1187743 for CVE-2021-23841",
"url": "https://bugzilla.suse.com/1187743"
},
{
"category": "external",
"summary": "SUSE Bug 1214334 for CVE-2021-23841",
"url": "https://bugzilla.suse.com/1214334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23841"
},
{
"cve": "CVE-2021-3712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3712"
}
],
"notes": [
{
"category": "general",
"text": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3712",
"url": "https://www.suse.com/security/cve/CVE-2021-3712"
},
{
"category": "external",
"summary": "SUSE Bug 1189521 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1189521"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1191640 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1191640"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1192787 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192787"
},
{
"category": "external",
"summary": "SUSE Bug 1194948 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1194948"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl-1_0_0-devel-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl10-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-hmac-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:libopenssl1_0_0-steam-32bit-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-cavs-1.0.2u-6.2.x86_64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.aarch64",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.ppc64le",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.s390x",
"openSUSE Tumbleweed:openssl-1_0_0-doc-1.0.2u-6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3712"
}
]
}
suse-su-2018:3964-1
Vulnerability from csaf_suse
Published
2018-12-03 14:32
Modified
2018-12-03 14:32
Summary
Security update for openssl1
Notes
Title of the patch
Security update for openssl1
Description of the patch
This update for openssl1 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
- Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).
Patchnames
secsp3-openssl1-13887
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).\n- Fixed the \u0027One and Done\u0027 side-channel attack on RSA (bsc#1104789).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "secsp3-openssl1-13887",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3964-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3964-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183964-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3964-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183964-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104789",
"url": "https://bugzilla.suse.com/1104789"
},
{
"category": "self",
"summary": "SUSE Bug 1110018",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for openssl1",
"tracking": {
"current_release_date": "2018-12-03T14:32:33Z",
"generator": {
"date": "2018-12-03T14:32:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3964-1",
"initial_release_date": "2018-12-03T14:32:33Z",
"revision_history": [
{
"date": "2018-12-03T14:32:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"product_id": "libopenssl1-devel-1.0.1g-0.58.15.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.15.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.15.1.i586",
"product": {
"name": "openssl1-1.0.1g-0.58.15.1.i586",
"product_id": "openssl1-1.0.1g-0.58.15.1.i586"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.15.1.i586",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.i586",
"product_id": "openssl1-doc-1.0.1g-0.58.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.15.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.15.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"product": {
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"product_id": "libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.15.1.ia64",
"product": {
"name": "openssl1-1.0.1g-0.58.15.1.ia64",
"product_id": "openssl1-1.0.1g-0.58.15.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.15.1.ia64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.ia64",
"product_id": "openssl1-doc-1.0.1g-0.58.15.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.15.1.ppc64",
"product": {
"name": "openssl1-1.0.1g-0.58.15.1.ppc64",
"product_id": "openssl1-1.0.1g-0.58.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"product_id": "openssl1-doc-1.0.1g-0.58.15.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"product_id": "libopenssl1-devel-1.0.1g-0.58.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.15.1.s390x",
"product": {
"name": "openssl1-1.0.1g-0.58.15.1.s390x",
"product_id": "openssl1-1.0.1g-0.58.15.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.15.1.s390x",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.s390x",
"product_id": "openssl1-doc-1.0.1g-0.58.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"product": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"product_id": "libopenssl1-devel-1.0.1g-0.58.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-1.0.1g-0.58.15.1.x86_64",
"product": {
"name": "openssl1-1.0.1g-0.58.15.1.x86_64",
"product_id": "openssl1-1.0.1g-0.58.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl1-doc-1.0.1g-0.58.15.1.x86_64",
"product": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.x86_64",
"product_id": "openssl1-doc-1.0.1g-0.58.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product": {
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:security"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1-devel-1.0.1g-0.58.15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64"
},
"product_reference": "libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64"
},
"product_reference": "libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586"
},
"product_reference": "openssl1-1.0.1g-0.58.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64"
},
"product_reference": "openssl1-1.0.1g-0.58.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64"
},
"product_reference": "openssl1-1.0.1g-0.58.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x"
},
"product_reference": "openssl1-1.0.1g-0.58.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-1.0.1g-0.58.15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64"
},
"product_reference": "openssl1-1.0.1g-0.58.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl1-doc-1.0.1g-0.58.15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
},
"product_reference": "openssl1-doc-1.0.1g-0.58.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8610"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8610",
"url": "https://www.suse.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1005879 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005879"
},
{
"category": "external",
"summary": "SUSE Bug 1110018 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "external",
"summary": "SUSE Bug 1120592 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1120592"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1148697"
},
{
"category": "external",
"summary": "SUSE Bug 982575 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/982575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-03T14:32:33Z",
"details": "important"
}
],
"title": "CVE-2016-8610"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-03T14:32:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.58.15.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.58.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-03T14:32:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2019:0117-1
Vulnerability from csaf_suse
Published
2019-01-18 10:52
Modified
2019-01-18 10:52
Summary
Security update for nodejs4
Notes
Title of the patch
Security update for nodejs4
Description of the patch
This update for nodejs4 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652)
- CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka 'PortSmash') (bsc#1113534)
- CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625)
- CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626)
- CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service (bsc#1117627)
- CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)
- CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)
Patchnames
SUSE-2019-117,SUSE-SLE-Module-Web-Scripting-12-2019-117,SUSE-Storage-4-2019-117
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652)\n- CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka \u0027PortSmash\u0027) (bsc#1113534)\n- CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625)\n- CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626)\n- CVE-2018-12122: Fixed the \u0027Slowloris\u0027 HTTP Denial of Service (bsc#1117627)\n- CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n- CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-117,SUSE-SLE-Module-Web-Scripting-12-2019-117,SUSE-Storage-4-2019-117",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0117-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0117-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190117-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0117-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-January/005042.html"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE Bug 1117625",
"url": "https://bugzilla.suse.com/1117625"
},
{
"category": "self",
"summary": "SUSE Bug 1117626",
"url": "https://bugzilla.suse.com/1117626"
},
{
"category": "self",
"summary": "SUSE Bug 1117627",
"url": "https://bugzilla.suse.com/1117627"
},
{
"category": "self",
"summary": "SUSE Bug 1117629",
"url": "https://bugzilla.suse.com/1117629"
},
{
"category": "self",
"summary": "SUSE Bug 1117630",
"url": "https://bugzilla.suse.com/1117630"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12116 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12120 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12121 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for nodejs4",
"tracking": {
"current_release_date": "2019-01-18T10:52:41Z",
"generator": {
"date": "2019-01-18T10:52:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0117-1",
"initial_release_date": "2019-01-18T10:52:41Z",
"revision_history": [
{
"date": "2019-01-18T10:52:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.17.1.aarch64",
"product": {
"name": "nodejs4-4.9.1-15.17.1.aarch64",
"product_id": "nodejs4-4.9.1-15.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.17.1.aarch64",
"product": {
"name": "nodejs4-devel-4.9.1-15.17.1.aarch64",
"product_id": "nodejs4-devel-4.9.1-15.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.17.1.aarch64",
"product": {
"name": "npm4-4.9.1-15.17.1.aarch64",
"product_id": "npm4-4.9.1-15.17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.17.1.i586",
"product": {
"name": "nodejs4-4.9.1-15.17.1.i586",
"product_id": "nodejs4-4.9.1-15.17.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.17.1.i586",
"product": {
"name": "nodejs4-devel-4.9.1-15.17.1.i586",
"product_id": "nodejs4-devel-4.9.1-15.17.1.i586"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.17.1.i586",
"product": {
"name": "npm4-4.9.1-15.17.1.i586",
"product_id": "npm4-4.9.1-15.17.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-docs-4.9.1-15.17.1.noarch",
"product": {
"name": "nodejs4-docs-4.9.1-15.17.1.noarch",
"product_id": "nodejs4-docs-4.9.1-15.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.17.1.ppc64le",
"product": {
"name": "nodejs4-4.9.1-15.17.1.ppc64le",
"product_id": "nodejs4-4.9.1-15.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.17.1.ppc64le",
"product": {
"name": "nodejs4-devel-4.9.1-15.17.1.ppc64le",
"product_id": "nodejs4-devel-4.9.1-15.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.17.1.ppc64le",
"product": {
"name": "npm4-4.9.1-15.17.1.ppc64le",
"product_id": "npm4-4.9.1-15.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs4-4.9.1-15.17.1.x86_64",
"product": {
"name": "nodejs4-4.9.1-15.17.1.x86_64",
"product_id": "nodejs4-4.9.1-15.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs4-devel-4.9.1-15.17.1.x86_64",
"product": {
"name": "nodejs4-devel-4.9.1-15.17.1.x86_64",
"product_id": "nodejs4-devel-4.9.1-15.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm4-4.9.1-15.17.1.x86_64",
"product": {
"name": "npm4-4.9.1-15.17.1.x86_64",
"product_id": "npm4-4.9.1-15.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.17.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64"
},
"product_reference": "nodejs4-4.9.1-15.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.17.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le"
},
"product_reference": "nodejs4-4.9.1-15.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.17.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64"
},
"product_reference": "nodejs4-4.9.1-15.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-devel-4.9.1-15.17.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64"
},
"product_reference": "nodejs4-devel-4.9.1-15.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-devel-4.9.1-15.17.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le"
},
"product_reference": "nodejs4-devel-4.9.1-15.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-devel-4.9.1-15.17.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64"
},
"product_reference": "nodejs4-devel-4.9.1-15.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-docs-4.9.1-15.17.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch"
},
"product_reference": "nodejs4-docs-4.9.1-15.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm4-4.9.1-15.17.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64"
},
"product_reference": "npm4-4.9.1-15.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm4-4.9.1-15.17.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le"
},
"product_reference": "npm4-4.9.1-15.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm4-4.9.1-15.17.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
},
"product_reference": "npm4-4.9.1-15.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.17.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64"
},
"product_reference": "nodejs4-4.9.1-15.17.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs4-4.9.1-15.17.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64"
},
"product_reference": "nodejs4-4.9.1-15.17.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-18T10:52:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-12116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12116"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12116",
"url": "https://www.suse.com/security/cve/CVE-2018-12116"
},
{
"category": "external",
"summary": "SUSE Bug 1117630 for CVE-2018-12116",
"url": "https://bugzilla.suse.com/1117630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-18T10:52:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-12116"
},
{
"cve": "CVE-2018-12120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12120"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12120",
"url": "https://www.suse.com/security/cve/CVE-2018-12120"
},
{
"category": "external",
"summary": "SUSE Bug 1117625 for CVE-2018-12120",
"url": "https://bugzilla.suse.com/1117625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-18T10:52:41Z",
"details": "critical"
}
],
"title": "CVE-2018-12120"
},
{
"cve": "CVE-2018-12121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12121"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12121",
"url": "https://www.suse.com/security/cve/CVE-2018-12121"
},
{
"category": "external",
"summary": "SUSE Bug 1117626 for CVE-2018-12121",
"url": "https://bugzilla.suse.com/1117626"
},
{
"category": "external",
"summary": "SUSE Bug 1127532 for CVE-2018-12121",
"url": "https://bugzilla.suse.com/1127532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-18T10:52:41Z",
"details": "important"
}
],
"title": "CVE-2018-12121"
},
{
"cve": "CVE-2018-12122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12122"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12122",
"url": "https://www.suse.com/security/cve/CVE-2018-12122"
},
{
"category": "external",
"summary": "SUSE Bug 1117627 for CVE-2018-12122",
"url": "https://bugzilla.suse.com/1117627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-18T10:52:41Z",
"details": "important"
}
],
"title": "CVE-2018-12122"
},
{
"cve": "CVE-2018-12123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12123"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12123",
"url": "https://www.suse.com/security/cve/CVE-2018-12123"
},
{
"category": "external",
"summary": "SUSE Bug 1117629 for CVE-2018-12123",
"url": "https://bugzilla.suse.com/1117629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-18T10:52:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-12123"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-18T10:52:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2018:3989-1
Vulnerability from csaf_suse
Published
2018-12-05 11:50
Modified
2018-12-05 11:50
Summary
Security update for openssl-1_0_0
Notes
Title of the patch
Security update for openssl-1_0_0
Description of the patch
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- Add missing timing side channel patch for DSA signature generation (bsc#1113742).
Non-security issues fixed:
- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).
- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
Patchnames
SUSE-SLE-DESKTOP-12-SP4-2018-2846,SUSE-SLE-SDK-12-SP4-2018-2846,SUSE-SLE-SERVER-12-SP4-2018-2846
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_0_0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_0_0 fixes the following issues:\n\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- Add missing timing side channel patch for DSA signature generation (bsc#1113742).\n\nNon-security issues fixed:\n\n- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).\n- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP4-2018-2846,SUSE-SLE-SDK-12-SP4-2018-2846,SUSE-SLE-SERVER-12-SP4-2018-2846",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3989-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3989-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183989-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3989-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004923.html"
},
{
"category": "self",
"summary": "SUSE Bug 1100078",
"url": "https://bugzilla.suse.com/1100078"
},
{
"category": "self",
"summary": "SUSE Bug 1112209",
"url": "https://bugzilla.suse.com/1112209"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE Bug 1113742",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for openssl-1_0_0",
"tracking": {
"current_release_date": "2018-12-05T11:50:48Z",
"generator": {
"date": "2018-12-05T11:50:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3989-1",
"initial_release_date": "2018-12-05T11:50:48Z",
"revision_history": [
{
"date": "2018-12-05T11:50:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.2p-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"product_id": "openssl-1_0_0-1.0.2p-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"product": {
"name": "openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"product_id": "openssl-1_0_0-doc-1.0.2p-3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2p-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"product_id": "openssl-1_0_0-1.0.2p-3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"product_id": "libopenssl1_0_0-1.0.2p-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.3.1.s390x",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.s390x",
"product_id": "openssl-1_0_0-1.0.2p-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"product_id": "openssl-1_0_0-1.0.2p-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2p-3.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch"
},
"product_reference": "openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-doc-1.0.2p-3.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch"
},
"product_reference": "openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T11:50:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-1.0.2p-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_0_0-doc-1.0.2p-3.3.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T11:50:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2018:4001-1
Vulnerability from csaf_suse
Published
2018-12-06 13:33
Modified
2018-12-06 13:33
Summary
Security update for openssl-1_0_0
Notes
Title of the patch
Security update for openssl-1_0_0
Description of the patch
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes 'PortSmash' (bsc#1113534).
Non-security issues fixed:
- Added missing timing side channel patch for DSA signature generation (bsc#1113742).
- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209)
Patchnames
SUSE-SLE-Module-Development-Tools-OBS-15-2018-2862,SUSE-SLE-Module-Legacy-15-2018-2862
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_0_0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_0_0 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes \u0027PortSmash\u0027 (bsc#1113534).\n\nNon-security issues fixed:\n\n- Added missing timing side channel patch for DSA signature generation (bsc#1113742).\n- Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).\n- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Development-Tools-OBS-15-2018-2862,SUSE-SLE-Module-Legacy-15-2018-2862",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4001-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:4001-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184001-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:4001-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004930.html"
},
{
"category": "self",
"summary": "SUSE Bug 1100078",
"url": "https://bugzilla.suse.com/1100078"
},
{
"category": "self",
"summary": "SUSE Bug 1112209",
"url": "https://bugzilla.suse.com/1112209"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE Bug 1113742",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for openssl-1_0_0",
"tracking": {
"current_release_date": "2018-12-06T13:33:24Z",
"generator": {
"date": "2018-12-06T13:33:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:4001-1",
"initial_release_date": "2018-12-06T13:33:24Z",
"revision_history": [
{
"date": "2018-12-06T13:33:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.2p-3.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"product_id": "openssl-1_0_0-1.0.2p-3.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2p-3.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"product_id": "openssl-1_0_0-1.0.2p-3.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"product_id": "libopenssl1_0_0-1.0.2p-3.11.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.11.1.s390x",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.s390x",
"product_id": "openssl-1_0_0-1.0.2p-3.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"product": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"product_id": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2p-3.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_0_0-1.0.2p-3.11.1.x86_64",
"product": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.x86_64",
"product_id": "openssl-1_0_0-1.0.2p-3.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64"
},
"product_reference": "libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2p-3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.aarch64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.ppc64le"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.s390x"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_0_0-1.0.2p-3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.x86_64"
},
"product_reference": "openssl-1_0_0-1.0.2p-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T13:33:24Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl-1_0_0-devel-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:libopenssl1_0_0-1.0.2p-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:openssl-1_0_0-1.0.2p-3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T13:33:24Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2018:3864-2
Vulnerability from csaf_suse
Published
2019-04-27 13:33
Modified
2019-04-27 13:33
Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197).
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
- Add missing timing side channel patch for DSA signature generation (bsc#1113742).
- Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).
Non-security issues fixed:
- Added openssl(cli) so that the packages that required the openssl binary can require this instead of the new openssl meta package (bsc#1101470).
Patchnames
SUSE-SLE-SAP-12-SP1-2019-1063
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197). \n- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).\n- Add missing timing side channel patch for DSA signature generation (bsc#1113742).\n- Fixed the \u0027One and Done\u0027 side-channel attack on RSA (bsc#1104789).\n\nNon-security issues fixed:\n\n- Added openssl(cli) so that the packages that required the openssl binary can require this instead of the new openssl meta package (bsc#1101470).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2019-1063",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3864-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3864-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183864-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3864-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005383.html"
},
{
"category": "self",
"summary": "SUSE Bug 1101470",
"url": "https://bugzilla.suse.com/1101470"
},
{
"category": "self",
"summary": "SUSE Bug 1104789",
"url": "https://bugzilla.suse.com/1104789"
},
{
"category": "self",
"summary": "SUSE Bug 1106197",
"url": "https://bugzilla.suse.com/1106197"
},
{
"category": "self",
"summary": "SUSE Bug 1110018",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0737 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2019-04-27T13:33:27Z",
"generator": {
"date": "2019-04-27T13:33:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3864-2",
"initial_release_date": "2019-04-27T13:33:27Z",
"revision_history": [
{
"date": "2019-04-27T13:33:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.1i-54.20.1.noarch",
"product": {
"name": "openssl-doc-1.0.1i-54.20.1.noarch",
"product_id": "openssl-doc-1.0.1i-54.20.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.20.1.x86_64",
"product": {
"name": "openssl-1.0.1i-54.20.1.x86_64",
"product_id": "openssl-1.0.1i-54.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64"
},
"product_reference": "openssl-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-54.20.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-54.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8610"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8610",
"url": "https://www.suse.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1005879 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005879"
},
{
"category": "external",
"summary": "SUSE Bug 1110018 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "external",
"summary": "SUSE Bug 1120592 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1120592"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1148697"
},
{
"category": "external",
"summary": "SUSE Bug 982575 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/982575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:33:27Z",
"details": "important"
}
],
"title": "CVE-2016-8610"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:33:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0737"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0737",
"url": "https://www.suse.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "SUSE Bug 1089039 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "external",
"summary": "SUSE Bug 1089041 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089041"
},
{
"category": "external",
"summary": "SUSE Bug 1089044 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089044"
},
{
"category": "external",
"summary": "SUSE Bug 1089045 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089045"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1123780 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1123780"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:33:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:33:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2019:1553-1
Vulnerability from csaf_suse
Published
2019-06-18 16:29
Modified
2019-06-18 16:29
Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
- CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158)
- CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652)
- CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039)
- CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes 'PortSmash') (bsc#1113534)
- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
- Fix One&Done side-channel attack on RSA (bsc#1104789)
- Reject invalid EC point coordinates (bsc#1131291)
- The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951)
- Add missing error string to CVE-2016-8610 fix (bsc#1110018#c9)
- blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)
Non security fixes:
- correct the error detection in the fips patch (bsc#1106197)
- Add openssl(cli) Provide so the packages that require the openssl
binary can require this instead of the new openssl meta package
(bsc#1101470)
Patchnames
SUSE-2019-1553,SUSE-SLE-SERVER-12-2019-1553
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n \nThis update for openssl fixes the following issues:\n\n- CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158)\n- CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652)\n- CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039)\n- CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes \u0027PortSmash\u0027) (bsc#1113534)\n- CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)\n- Fix One\u0026Done side-channel attack on RSA (bsc#1104789)\n- Reject invalid EC point coordinates (bsc#1131291)\n- The 9 Lives of Bleichenbacher\u0027s CAT: Cache ATtacks on TLS Implementations (bsc#1117951)\n- Add missing error string to CVE-2016-8610 fix (bsc#1110018#c9)\n- blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)\n\nNon security fixes:\n\n- correct the error detection in the fips patch (bsc#1106197)\n- Add openssl(cli) Provide so the packages that require the openssl\n binary can require this instead of the new openssl meta package\n (bsc#1101470)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1553,SUSE-SLE-SERVER-12-2019-1553",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1553-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1553-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1553-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-June/005586.html"
},
{
"category": "self",
"summary": "SUSE Bug 1089039",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "self",
"summary": "SUSE Bug 1097158",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "self",
"summary": "SUSE Bug 1097624",
"url": "https://bugzilla.suse.com/1097624"
},
{
"category": "self",
"summary": "SUSE Bug 1098592",
"url": "https://bugzilla.suse.com/1098592"
},
{
"category": "self",
"summary": "SUSE Bug 1101470",
"url": "https://bugzilla.suse.com/1101470"
},
{
"category": "self",
"summary": "SUSE Bug 1104789",
"url": "https://bugzilla.suse.com/1104789"
},
{
"category": "self",
"summary": "SUSE Bug 1106197",
"url": "https://bugzilla.suse.com/1106197"
},
{
"category": "self",
"summary": "SUSE Bug 1110018",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE Bug 1117951",
"url": "https://bugzilla.suse.com/1117951"
},
{
"category": "self",
"summary": "SUSE Bug 1127080",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "self",
"summary": "SUSE Bug 1131291",
"url": "https://bugzilla.suse.com/1131291"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0732 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0737 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1559 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1559/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2019-06-18T16:29:26Z",
"generator": {
"date": "2019-06-18T16:29:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1553-1",
"initial_release_date": "2019-06-18T16:29:26Z",
"revision_history": [
{
"date": "2019-06-18T16:29:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.aarch64",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.aarch64",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.aarch64",
"product": {
"name": "openssl-1.0.1i-27.34.1.aarch64",
"product_id": "openssl-1.0.1i-27.34.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product": {
"name": "libopenssl-devel-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product_id": "libopenssl-devel-64bit-1.0.1i-27.34.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-64bit-1.0.1i-27.34.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_0_0-hmac-64bit-1.0.1i-27.34.1.aarch64_ilp32",
"product_id": "libopenssl1_0_0-hmac-64bit-1.0.1i-27.34.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.i586",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.i586",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.i586",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.i586",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.i586",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.i586",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.i586",
"product": {
"name": "openssl-1.0.1i-27.34.1.i586",
"product_id": "openssl-1.0.1i-27.34.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.1i-27.34.1.noarch",
"product": {
"name": "openssl-doc-1.0.1i-27.34.1.noarch",
"product_id": "openssl-doc-1.0.1i-27.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.ppc64le",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.ppc64le",
"product": {
"name": "openssl-1.0.1i-27.34.1.ppc64le",
"product_id": "openssl-1.0.1i-27.34.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.s390",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.s390",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.s390",
"product": {
"name": "openssl-1.0.1i-27.34.1.s390",
"product_id": "openssl-1.0.1i-27.34.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl-devel-32bit-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.s390x",
"product": {
"name": "openssl-1.0.1i-27.34.1.s390x",
"product_id": "openssl-1.0.1i-27.34.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl-devel-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl-devel-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl-devel-32bit-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl-devel-32bit-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-27.34.1.x86_64",
"product": {
"name": "openssl-1.0.1i-27.34.1.x86_64",
"product_id": "openssl-1.0.1i-27.34.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.34.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le"
},
"product_reference": "openssl-1.0.1i-27.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.34.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x"
},
"product_reference": "openssl-1.0.1i-27.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-27.34.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64"
},
"product_reference": "openssl-1.0.1i-27.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-27.34.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-27.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8610"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8610",
"url": "https://www.suse.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1005879 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005879"
},
{
"category": "external",
"summary": "SUSE Bug 1110018 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "external",
"summary": "SUSE Bug 1120592 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1120592"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1148697"
},
{
"category": "external",
"summary": "SUSE Bug 982575 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/982575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "important"
}
],
"title": "CVE-2016-8610"
},
{
"cve": "CVE-2018-0732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0732"
}
],
"notes": [
{
"category": "general",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0732",
"url": "https://www.suse.com/security/cve/CVE-2018-0732"
},
{
"category": "external",
"summary": "SUSE Bug 1077628 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1077628"
},
{
"category": "external",
"summary": "SUSE Bug 1097158 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1097158"
},
{
"category": "external",
"summary": "SUSE Bug 1099502 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1099502"
},
{
"category": "external",
"summary": "SUSE Bug 1106692 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1106692"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1110163 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1110163"
},
{
"category": "external",
"summary": "SUSE Bug 1112097 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1112097"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0732",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "important"
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0737"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0737",
"url": "https://www.suse.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "SUSE Bug 1089039 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "external",
"summary": "SUSE Bug 1089041 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089041"
},
{
"category": "external",
"summary": "SUSE Bug 1089044 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089044"
},
{
"category": "external",
"summary": "SUSE Bug 1089045 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089045"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1123780 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1123780"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2019-1559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1559"
}
],
"notes": [
{
"category": "general",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1559",
"url": "https://www.suse.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "SUSE Bug 1127080 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1127080"
},
{
"category": "external",
"summary": "SUSE Bug 1130039 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1130039"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-1559",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:openssl-1.0.1i-27.34.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:openssl-doc-1.0.1i-27.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-18T16:29:26Z",
"details": "low"
}
],
"title": "CVE-2019-1559"
}
]
}
suse-su-2018:3864-1
Vulnerability from csaf_suse
Published
2018-11-22 15:26
Modified
2018-11-22 15:26
Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197).
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
- Add missing timing side channel patch for DSA signature generation (bsc#1113742).
- Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).
Non-security issues fixed:
- Added openssl(cli) so that the packages that required the openssl binary can require this instead of the new openssl meta package (bsc#1101470).
Patchnames
SUSE-SLE-SERVER-12-SP1-2018-2762
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197). \n- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).\n- Add missing timing side channel patch for DSA signature generation (bsc#1113742).\n- Fixed the \u0027One and Done\u0027 side-channel attack on RSA (bsc#1104789).\n\nNon-security issues fixed:\n\n- Added openssl(cli) so that the packages that required the openssl binary can require this instead of the new openssl meta package (bsc#1101470).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP1-2018-2762",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3864-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3864-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183864-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3864-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004873.html"
},
{
"category": "self",
"summary": "SUSE Bug 1101470",
"url": "https://bugzilla.suse.com/1101470"
},
{
"category": "self",
"summary": "SUSE Bug 1104789",
"url": "https://bugzilla.suse.com/1104789"
},
{
"category": "self",
"summary": "SUSE Bug 1106197",
"url": "https://bugzilla.suse.com/1106197"
},
{
"category": "self",
"summary": "SUSE Bug 1110018",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0737 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2018-11-22T15:26:23Z",
"generator": {
"date": "2018-11-22T15:26:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3864-1",
"initial_release_date": "2018-11-22T15:26:23Z",
"revision_history": [
{
"date": "2018-11-22T15:26:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.1i-54.20.1.noarch",
"product": {
"name": "openssl-doc-1.0.1i-54.20.1.noarch",
"product_id": "openssl-doc-1.0.1i-54.20.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.1i-54.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.20.1.ppc64le",
"product": {
"name": "openssl-1.0.1i-54.20.1.ppc64le",
"product_id": "openssl-1.0.1i-54.20.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"product_id": "libopenssl1_0_0-1.0.1i-54.20.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.20.1.s390x",
"product": {
"name": "openssl-1.0.1i-54.20.1.s390x",
"product_id": "openssl-1.0.1i-54.20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.1i-54.20.1.x86_64",
"product": {
"name": "openssl-1.0.1i-54.20.1.x86_64",
"product_id": "openssl-1.0.1i-54.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le"
},
"product_reference": "openssl-1.0.1i-54.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x"
},
"product_reference": "openssl-1.0.1i-54.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.1i-54.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64"
},
"product_reference": "openssl-1.0.1i-54.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.1i-54.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
},
"product_reference": "openssl-doc-1.0.1i-54.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8610"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8610",
"url": "https://www.suse.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1005879 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005879"
},
{
"category": "external",
"summary": "SUSE Bug 1110018 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "external",
"summary": "SUSE Bug 1120592 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1120592"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1148697"
},
{
"category": "external",
"summary": "SUSE Bug 982575 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/982575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:26:23Z",
"details": "important"
}
],
"title": "CVE-2016-8610"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:26:23Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0737"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0737",
"url": "https://www.suse.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "SUSE Bug 1089039 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089039"
},
{
"category": "external",
"summary": "SUSE Bug 1089041 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089041"
},
{
"category": "external",
"summary": "SUSE Bug 1089044 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089044"
},
{
"category": "external",
"summary": "SUSE Bug 1089045 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1089045"
},
{
"category": "external",
"summary": "SUSE Bug 1108542 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1108542"
},
{
"category": "external",
"summary": "SUSE Bug 1123780 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1123780"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0737",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:26:23Z",
"details": "moderate"
}
],
"title": "CVE-2018-0737"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:26:23Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2018:4274-1
Vulnerability from csaf_suse
Published
2018-12-27 08:06
Modified
2018-12-27 08:06
Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
- Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).
Patchnames
sdksp4-openssl-13918,sleposp3-openssl-13918,slessp3-openssl-13918,slessp4-openssl-13918,slestso13-openssl-13918
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).\n- Fixed the \u0027One and Done\u0027 side-channel attack on RSA (bsc#1104789).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-openssl-13918,sleposp3-openssl-13918,slessp3-openssl-13918,slessp4-openssl-13918,slestso13-openssl-13918",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4274-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:4274-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184274-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:4274-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/005002.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104789",
"url": "https://bugzilla.suse.com/1104789"
},
{
"category": "self",
"summary": "SUSE Bug 1110018",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2018-12-27T08:06:44Z",
"generator": {
"date": "2018-12-27T08:06:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:4274-1",
"initial_release_date": "2018-12-27T08:06:44Z",
"revision_history": [
{
"date": "2018-12-27T08:06:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.18.1.i586",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.i586",
"product_id": "libopenssl-devel-0.9.8j-0.106.18.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.18.1.i586",
"product": {
"name": "openssl-0.9.8j-0.106.18.1.i586",
"product_id": "openssl-0.9.8j-0.106.18.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.18.1.i586",
"product": {
"name": "openssl-doc-0.9.8j-0.106.18.1.i586",
"product_id": "openssl-doc-0.9.8j-0.106.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"product_id": "libopenssl-devel-0.9.8j-0.106.18.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.18.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"product": {
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"product_id": "libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.18.1.ia64",
"product": {
"name": "openssl-0.9.8j-0.106.18.1.ia64",
"product_id": "openssl-0.9.8j-0.106.18.1.ia64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.18.1.ia64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.18.1.ia64",
"product_id": "openssl-doc-0.9.8j-0.106.18.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"product_id": "libopenssl-devel-0.9.8j-0.106.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"product_id": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "openssl-0.9.8j-0.106.18.1.ppc64",
"product_id": "openssl-0.9.8j-0.106.18.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.18.1.ppc64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.18.1.ppc64",
"product_id": "openssl-doc-0.9.8j-0.106.18.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"product_id": "libopenssl-devel-0.9.8j-0.106.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"product_id": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "openssl-0.9.8j-0.106.18.1.s390x",
"product_id": "openssl-0.9.8j-0.106.18.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.18.1.s390x",
"product": {
"name": "openssl-doc-0.9.8j-0.106.18.1.s390x",
"product_id": "openssl-doc-0.9.8j-0.106.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"product_id": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"product_id": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"product_id": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"product_id": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "openssl-0.9.8j-0.106.18.1.x86_64",
"product_id": "openssl-0.9.8j-0.106.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-doc-0.9.8j-0.106.18.1.x86_64",
"product": {
"name": "openssl-doc-0.9.8j-0.106.18.1.x86_64",
"product_id": "openssl-doc-0.9.8j-0.106.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-0.9.8j-0.106.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "openssl-doc-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
},
"product_reference": "libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8610"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8610",
"url": "https://www.suse.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1005879 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005879"
},
{
"category": "external",
"summary": "SUSE Bug 1110018 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "external",
"summary": "SUSE Bug 1120592 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1120592"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1148697"
},
{
"category": "external",
"summary": "SUSE Bug 982575 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/982575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-27T08:06:44Z",
"details": "important"
}
],
"title": "CVE-2016-8610"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-27T08:06:44Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libopenssl0_9_8-x86-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:openssl-doc-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-0.9.8j-0.106.18.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libopenssl-devel-32bit-0.9.8j-0.106.18.1.x86_64",
"SUSE Studio Onsite 1.3:libopenssl-devel-0.9.8j-0.106.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-27T08:06:44Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2018:3866-1
Vulnerability from csaf_suse
Published
2018-11-22 15:25
Modified
2018-11-22 15:25
Summary
Security update for openssl
Notes
Title of the patch
Security update for openssl
Description of the patch
This update for openssl fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- Add missing timing side channel patch for DSA signature generation (bsc#1113742).
Non-security issues fixed:
- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).
Patchnames
SUSE-OpenStack-Cloud-7-2018-2760,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2760,SUSE-SLE-DESKTOP-12-SP3-2018-2760,SUSE-SLE-SAP-12-SP2-2018-2760,SUSE-SLE-SDK-12-SP3-2018-2760,SUSE-SLE-SERVER-12-SP2-2018-2760,SUSE-SLE-SERVER-12-SP2-BCL-2018-2760,SUSE-SLE-SERVER-12-SP3-2018-2760,SUSE-Storage-4-2018-2760
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- Add missing timing side channel patch for DSA signature generation (bsc#1113742).\n\nNon-security issues fixed:\n\n- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-2760,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2760,SUSE-SLE-DESKTOP-12-SP3-2018-2760,SUSE-SLE-SAP-12-SP2-2018-2760,SUSE-SLE-SDK-12-SP3-2018-2760,SUSE-SLE-SERVER-12-SP2-2018-2760,SUSE-SLE-SERVER-12-SP2-BCL-2018-2760,SUSE-SLE-SERVER-12-SP3-2018-2760,SUSE-Storage-4-2018-2760",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3866-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3866-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183866-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3866-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004875.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112209",
"url": "https://bugzilla.suse.com/1112209"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE Bug 1113742",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for openssl",
"tracking": {
"current_release_date": "2018-11-22T15:25:57Z",
"generator": {
"date": "2018-11-22T15:25:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3866-1",
"initial_release_date": "2018-11-22T15:25:57Z",
"revision_history": [
{
"date": "2018-11-22T15:25:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.46.1.aarch64",
"product": {
"name": "libopenssl-devel-1.0.2j-60.46.1.aarch64",
"product_id": "libopenssl-devel-1.0.2j-60.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"product_id": "libopenssl1_0_0-1.0.2j-60.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.46.1.aarch64",
"product": {
"name": "openssl-1.0.2j-60.46.1.aarch64",
"product_id": "openssl-1.0.2j-60.46.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-doc-1.0.2j-60.46.1.noarch",
"product": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch",
"product_id": "openssl-doc-1.0.2j-60.46.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"product": {
"name": "libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"product_id": "libopenssl-devel-1.0.2j-60.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"product_id": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.46.1.ppc64le",
"product": {
"name": "openssl-1.0.2j-60.46.1.ppc64le",
"product_id": "openssl-1.0.2j-60.46.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.46.1.s390x",
"product": {
"name": "libopenssl-devel-1.0.2j-60.46.1.s390x",
"product_id": "libopenssl-devel-1.0.2j-60.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"product_id": "libopenssl1_0_0-1.0.2j-60.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"product_id": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.46.1.s390x",
"product": {
"name": "openssl-1.0.2j-60.46.1.s390x",
"product_id": "openssl-1.0.2j-60.46.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"product": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"product_id": "libopenssl-devel-1.0.2j-60.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"product": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"product_id": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"product": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"product_id": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"product": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"product_id": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1.0.2j-60.46.1.x86_64",
"product": {
"name": "openssl-1.0.2j-60.46.1.x86_64",
"product_id": "openssl-1.0.2j-60.46.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.46.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.46.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.46.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.46.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.46.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.aarch64"
},
"product_reference": "openssl-1.0.2j-60.46.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.ppc64le"
},
"product_reference": "openssl-1.0.2j-60.46.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.s390x"
},
"product_reference": "openssl-1.0.2j-60.46.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.46.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-devel-1.0.2j-60.46.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl-devel-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64"
},
"product_reference": "libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1.0.2j-60.46.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:openssl-1.0.2j-60.46.1.x86_64"
},
"product_reference": "openssl-1.0.2j-60.46.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-doc-1.0.2j-60.46.1.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.46.1.noarch"
},
"product_reference": "openssl-doc-1.0.2j-60.46.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.46.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.46.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.46.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:25:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.46.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.46.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Enterprise Storage 4:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.46.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.46.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.s390x",
"SUSE OpenStack Cloud 7:openssl-1.0.2j-60.46.1.x86_64",
"SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.46.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:25:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2018:4068-1
Vulnerability from csaf_suse
Published
2018-12-11 08:21
Modified
2018-12-11 08:21
Summary
Security update for compat-openssl098
Notes
Title of the patch
Security update for compat-openssl098
Description of the patch
This update for compat-openssl098 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
- Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).
Patchnames
SUSE-SLE-DESKTOP-12-SP3-2018-2893,SUSE-SLE-DESKTOP-12-SP4-2018-2893,SUSE-SLE-Module-Legacy-12-2018-2893,SUSE-SLE-SAP-12-SP1-2018-2893,SUSE-SLE-SAP-12-SP2-2018-2893,SUSE-SLE-SAP-12-SP3-2018-2893,SUSE-SLE-SAP-12-SP4-2018-2893
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for compat-openssl098",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for compat-openssl098 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).\n- Fixed the \u0027One and Done\u0027 side-channel attack on RSA (bsc#1104789).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-2893,SUSE-SLE-DESKTOP-12-SP4-2018-2893,SUSE-SLE-Module-Legacy-12-2018-2893,SUSE-SLE-SAP-12-SP1-2018-2893,SUSE-SLE-SAP-12-SP2-2018-2893,SUSE-SLE-SAP-12-SP3-2018-2893,SUSE-SLE-SAP-12-SP4-2018-2893",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4068-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:4068-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184068-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:4068-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004950.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104789",
"url": "https://bugzilla.suse.com/1104789"
},
{
"category": "self",
"summary": "SUSE Bug 1110018",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for compat-openssl098",
"tracking": {
"current_release_date": "2018-12-11T08:21:22Z",
"generator": {
"date": "2018-12-11T08:21:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:4068-1",
"initial_release_date": "2018-12-11T08:21:22Z",
"revision_history": [
{
"date": "2018-12-11T08:21:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"product_id": "libopenssl0_9_8-0.9.8j-106.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"product": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"product_id": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"product": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"product_id": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 12",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
"product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
},
"product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8610"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8610",
"url": "https://www.suse.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "SUSE Bug 1005878 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005878"
},
{
"category": "external",
"summary": "SUSE Bug 1005879 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1005879"
},
{
"category": "external",
"summary": "SUSE Bug 1110018 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1110018"
},
{
"category": "external",
"summary": "SUSE Bug 1120592 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1120592"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/1148697"
},
{
"category": "external",
"summary": "SUSE Bug 982575 for CVE-2016-8610",
"url": "https://bugzilla.suse.com/982575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-11T08:21:22Z",
"details": "important"
}
],
"title": "CVE-2016-8610"
},
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-11T08:21:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
"SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-11T08:21:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
suse-su-2019:0395-1
Vulnerability from csaf_suse
Published
2019-02-14 13:59
Modified
2019-02-14 13:59
Summary
Security update for nodejs6
Notes
Title of the patch
Security update for nodejs6
Description of the patch
This update for nodejs6 to version 6.16.0 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652)
- CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka 'PortSmash') (bsc#1113534)
- CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625)
- CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626)
- CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service (bsc#1117627)
- CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)
- CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)
Patchnames
SUSE-2019-395,SUSE-OpenStack-Cloud-7-2019-395,SUSE-OpenStack-Cloud-Crowbar-8-2019-395,SUSE-SLE-Module-Web-Scripting-12-2019-395,SUSE-Storage-4-2019-395
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs6",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs6 to version 6.16.0 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652)\n- CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka \u0027PortSmash\u0027) (bsc#1113534)\n- CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625)\n- CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626)\n- CVE-2018-12122: Fixed the \u0027Slowloris\u0027 HTTP Denial of Service (bsc#1117627)\n- CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n- CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-395,SUSE-OpenStack-Cloud-7-2019-395,SUSE-OpenStack-Cloud-Crowbar-8-2019-395,SUSE-SLE-Module-Web-Scripting-12-2019-395,SUSE-Storage-4-2019-395",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0395-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0395-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190395-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0395-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005121.html"
},
{
"category": "self",
"summary": "SUSE Bug 1113534",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE Bug 1117625",
"url": "https://bugzilla.suse.com/1117625"
},
{
"category": "self",
"summary": "SUSE Bug 1117626",
"url": "https://bugzilla.suse.com/1117626"
},
{
"category": "self",
"summary": "SUSE Bug 1117627",
"url": "https://bugzilla.suse.com/1117627"
},
{
"category": "self",
"summary": "SUSE Bug 1117629",
"url": "https://bugzilla.suse.com/1117629"
},
{
"category": "self",
"summary": "SUSE Bug 1117630",
"url": "https://bugzilla.suse.com/1117630"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12116 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12120 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12121 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5407/"
}
],
"title": "Security update for nodejs6",
"tracking": {
"current_release_date": "2019-02-14T13:59:06Z",
"generator": {
"date": "2019-02-14T13:59:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0395-1",
"initial_release_date": "2019-02-14T13:59:06Z",
"revision_history": [
{
"date": "2019-02-14T13:59:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.16.0-11.21.1.aarch64",
"product": {
"name": "nodejs6-6.16.0-11.21.1.aarch64",
"product_id": "nodejs6-6.16.0-11.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.16.0-11.21.1.aarch64",
"product": {
"name": "nodejs6-devel-6.16.0-11.21.1.aarch64",
"product_id": "nodejs6-devel-6.16.0-11.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm6-6.16.0-11.21.1.aarch64",
"product": {
"name": "npm6-6.16.0-11.21.1.aarch64",
"product_id": "npm6-6.16.0-11.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.16.0-11.21.1.i586",
"product": {
"name": "nodejs6-6.16.0-11.21.1.i586",
"product_id": "nodejs6-6.16.0-11.21.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.16.0-11.21.1.i586",
"product": {
"name": "nodejs6-devel-6.16.0-11.21.1.i586",
"product_id": "nodejs6-devel-6.16.0-11.21.1.i586"
}
},
{
"category": "product_version",
"name": "npm6-6.16.0-11.21.1.i586",
"product": {
"name": "npm6-6.16.0-11.21.1.i586",
"product_id": "npm6-6.16.0-11.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-docs-6.16.0-11.21.1.noarch",
"product": {
"name": "nodejs6-docs-6.16.0-11.21.1.noarch",
"product_id": "nodejs6-docs-6.16.0-11.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.16.0-11.21.1.ppc64le",
"product": {
"name": "nodejs6-6.16.0-11.21.1.ppc64le",
"product_id": "nodejs6-6.16.0-11.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.16.0-11.21.1.ppc64le",
"product": {
"name": "nodejs6-devel-6.16.0-11.21.1.ppc64le",
"product_id": "nodejs6-devel-6.16.0-11.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm6-6.16.0-11.21.1.ppc64le",
"product": {
"name": "npm6-6.16.0-11.21.1.ppc64le",
"product_id": "npm6-6.16.0-11.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.16.0-11.21.1.s390",
"product": {
"name": "nodejs6-6.16.0-11.21.1.s390",
"product_id": "nodejs6-6.16.0-11.21.1.s390"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.16.0-11.21.1.s390",
"product": {
"name": "nodejs6-devel-6.16.0-11.21.1.s390",
"product_id": "nodejs6-devel-6.16.0-11.21.1.s390"
}
},
{
"category": "product_version",
"name": "npm6-6.16.0-11.21.1.s390",
"product": {
"name": "npm6-6.16.0-11.21.1.s390",
"product_id": "npm6-6.16.0-11.21.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.16.0-11.21.1.s390x",
"product": {
"name": "nodejs6-6.16.0-11.21.1.s390x",
"product_id": "nodejs6-6.16.0-11.21.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.16.0-11.21.1.s390x",
"product": {
"name": "nodejs6-devel-6.16.0-11.21.1.s390x",
"product_id": "nodejs6-devel-6.16.0-11.21.1.s390x"
}
},
{
"category": "product_version",
"name": "npm6-6.16.0-11.21.1.s390x",
"product": {
"name": "npm6-6.16.0-11.21.1.s390x",
"product_id": "npm6-6.16.0-11.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs6-6.16.0-11.21.1.x86_64",
"product": {
"name": "nodejs6-6.16.0-11.21.1.x86_64",
"product_id": "nodejs6-6.16.0-11.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs6-devel-6.16.0-11.21.1.x86_64",
"product": {
"name": "nodejs6-devel-6.16.0-11.21.1.x86_64",
"product_id": "nodejs6-devel-6.16.0-11.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm6-6.16.0-11.21.1.x86_64",
"product": {
"name": "npm6-6.16.0-11.21.1.x86_64",
"product_id": "npm6-6.16.0-11.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64"
},
"product_reference": "nodejs6-6.16.0-11.21.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x"
},
"product_reference": "nodejs6-6.16.0-11.21.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64"
},
"product_reference": "nodejs6-6.16.0-11.21.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
},
"product_reference": "nodejs6-6.16.0-11.21.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64"
},
"product_reference": "nodejs6-6.16.0-11.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le"
},
"product_reference": "nodejs6-6.16.0-11.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x"
},
"product_reference": "nodejs6-6.16.0-11.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64"
},
"product_reference": "nodejs6-6.16.0-11.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.16.0-11.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64"
},
"product_reference": "nodejs6-devel-6.16.0-11.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.16.0-11.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le"
},
"product_reference": "nodejs6-devel-6.16.0-11.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.16.0-11.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x"
},
"product_reference": "nodejs6-devel-6.16.0-11.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-devel-6.16.0-11.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64"
},
"product_reference": "nodejs6-devel-6.16.0-11.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-docs-6.16.0-11.21.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch"
},
"product_reference": "nodejs6-docs-6.16.0-11.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.16.0-11.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64"
},
"product_reference": "npm6-6.16.0-11.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.16.0-11.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le"
},
"product_reference": "npm6-6.16.0-11.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.16.0-11.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x"
},
"product_reference": "npm6-6.16.0-11.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm6-6.16.0-11.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64"
},
"product_reference": "npm6-6.16.0-11.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64"
},
"product_reference": "nodejs6-6.16.0-11.21.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs6-6.16.0-11.21.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64"
},
"product_reference": "nodejs6-6.16.0-11.21.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-14T13:59:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-12116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12116"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12116",
"url": "https://www.suse.com/security/cve/CVE-2018-12116"
},
{
"category": "external",
"summary": "SUSE Bug 1117630 for CVE-2018-12116",
"url": "https://bugzilla.suse.com/1117630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-14T13:59:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-12116"
},
{
"cve": "CVE-2018-12120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12120"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12120",
"url": "https://www.suse.com/security/cve/CVE-2018-12120"
},
{
"category": "external",
"summary": "SUSE Bug 1117625 for CVE-2018-12120",
"url": "https://bugzilla.suse.com/1117625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-14T13:59:06Z",
"details": "critical"
}
],
"title": "CVE-2018-12120"
},
{
"cve": "CVE-2018-12121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12121"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12121",
"url": "https://www.suse.com/security/cve/CVE-2018-12121"
},
{
"category": "external",
"summary": "SUSE Bug 1117626 for CVE-2018-12121",
"url": "https://bugzilla.suse.com/1117626"
},
{
"category": "external",
"summary": "SUSE Bug 1127532 for CVE-2018-12121",
"url": "https://bugzilla.suse.com/1127532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-14T13:59:06Z",
"details": "important"
}
],
"title": "CVE-2018-12121"
},
{
"cve": "CVE-2018-12122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12122"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12122",
"url": "https://www.suse.com/security/cve/CVE-2018-12122"
},
{
"category": "external",
"summary": "SUSE Bug 1117627 for CVE-2018-12122",
"url": "https://bugzilla.suse.com/1117627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-14T13:59:06Z",
"details": "important"
}
],
"title": "CVE-2018-12122"
},
{
"cve": "CVE-2018-12123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12123"
}
],
"notes": [
{
"category": "general",
"text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12123",
"url": "https://www.suse.com/security/cve/CVE-2018-12123"
},
{
"category": "external",
"summary": "SUSE Bug 1117629 for CVE-2018-12123",
"url": "https://bugzilla.suse.com/1117629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-14T13:59:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-12123"
},
{
"cve": "CVE-2018-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5407"
}
],
"notes": [
{
"category": "general",
"text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5407",
"url": "https://www.suse.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1116195 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1116195"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-5407",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.aarch64",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.s390x",
"SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-14T13:59:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-5407"
}
]
}
fkie_cve-2018-5407
Vulnerability from fkie_nvd
Published
2018-11-15 21:29
Modified
2024-11-21 04:08
Severity ?
Summary
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.securityfocus.com/bid/105897 | Third Party Advisory, VDB Entry | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:0483 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:0651 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:0652 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:2125 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:3929 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:3931 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:3932 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:3933 | Third Party Advisory | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:3935 | Third Party Advisory | |
| cret@cert.org | https://eprint.iacr.org/2018/1060.pdf | Technical Description, Third Party Advisory | |
| cret@cert.org | https://github.com/bbbrumley/portsmash | Exploit, Third Party Advisory | |
| cret@cert.org | https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html | Mailing List, Third Party Advisory | |
| cret@cert.org | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Third Party Advisory | |
| cret@cert.org | https://security.gentoo.org/glsa/201903-10 | Third Party Advisory | |
| cret@cert.org | https://security.netapp.com/advisory/ntap-20181126-0001/ | Third Party Advisory | |
| cret@cert.org | https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS | ||
| cret@cert.org | https://usn.ubuntu.com/3840-1/ | Third Party Advisory | |
| cret@cert.org | https://www.debian.org/security/2018/dsa-4348 | Third Party Advisory | |
| cret@cert.org | https://www.debian.org/security/2018/dsa-4355 | Third Party Advisory | |
| cret@cert.org | https://www.exploit-db.com/exploits/45785/ | Exploit, Third Party Advisory, VDB Entry | |
| cret@cert.org | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| cret@cert.org | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Third Party Advisory | |
| cret@cert.org | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| cret@cert.org | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Vendor Advisory | |
| cret@cert.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| cret@cert.org | https://www.tenable.com/security/tns-2018-16 | Third Party Advisory | |
| cret@cert.org | https://www.tenable.com/security/tns-2018-17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105897 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0483 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0651 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0652 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2125 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3929 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3931 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3932 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3933 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3935 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://eprint.iacr.org/2018/1060.pdf | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bbbrumley/portsmash | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201903-10 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20181126-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3840-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4348 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4355 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45785/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2018-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2018-17 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| openssl | openssl | * | |
| openssl | openssl | * | |
| tenable | nessus | * | |
| oracle | api_gateway | 11.1.2.4.0 | |
| oracle | application_server | 0.9.8 | |
| oracle | application_server | 1.0.0 | |
| oracle | application_server | 1.0.1 | |
| oracle | enterprise_manager_base_platform | 12.1.0.5.0 | |
| oracle | enterprise_manager_base_platform | 13.2.0.0.0 | |
| oracle | enterprise_manager_base_platform | 13.3.0.0.0 | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | mysql_enterprise_backup | * | |
| oracle | mysql_enterprise_backup | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.55 | |
| oracle | peoplesoft_enterprise_peopletools | 8.56 | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | * | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 8.4 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.1 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.2 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.1 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.2 | |
| oracle | primavera_p6_enterprise_project_portfolio_management | 18.8 | |
| oracle | tuxedo | 12.1.1.0.0 | |
| oracle | vm_virtualbox | * | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server | 7.6 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F608F84-5A94-4DC1-A7B8-E19028F96A40",
"versionEndExcluding": "6.14.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "468A9D35-95E1-473B-A5D3-9BD78818F599",
"versionEndExcluding": "8.11.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A01678-361E-4F23-B7D6-41B0C145F491",
"versionEndExcluding": "10.9.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF92E05-808F-4D22-BD55-3571BF46889F",
"versionEndExcluding": "1.0.2q",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B64CB987-8B48-4B65-BC6A-B39F1F69F4B7",
"versionEndExcluding": "1.1.0i",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB469FA-ECF9-42D8-8CF0-7C8B426FD7B2",
"versionEndExcluding": "8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BD941CDF-8486-43F7-9D98-2B8785B1B139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE18990-1FC9-4624-971B-2E87BF0871AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C29F2D-CBE6-4E22-98AE-787E939ED161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2049488-5CE2-4C56-8B0E-BA7C499A7372",
"versionEndIncluding": "3.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81B25011-AEFA-453D-AF1E-5945AB625767",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "3.12.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "84BF6794-2CE6-407F-B8E0-81871AB7B40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52550D1-38F6-4AAC-BE68-487F7D6DB2D8",
"versionEndExcluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
},
{
"lang": "es",
"value": "SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronizaci\u00f3n mediante un ataques de sincronizaci\u00f3n de canal lateral en la \"contenci\u00f3n de puertos\"."
}
],
"id": "CVE-2018-5407",
"lastModified": "2024-11-21T04:08:45.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-15T21:29:00.233",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105897"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "cret@cert.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bbbrumley/portsmash"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bbbrumley/portsmash"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-17"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
rhsa-2019:3935
Vulnerability from csaf_redhat
Published
2019-11-20 16:08
Modified
2025-08-06 05:01
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release
for RHEL 6, RHEL 7 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release\nfor RHEL 6, RHEL 7 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3935",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "JBCS-798",
"url": "https://issues.redhat.com/browse/JBCS-798"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3935.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"tracking": {
"current_release_date": "2025-08-06T05:01:09+00:00",
"generator": {
"date": "2025-08-06T05:01:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:3935",
"initial_release_date": "2019-11-20T16:08:18+00:00",
"revision_history": [
{
"date": "2019-11-20T16:08:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-06T13:01:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-06T05:01:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1568253"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "RHBZ#1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
"url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180416.txt",
"url": "https://www.openssl.org/news/secadv/20180416.txt"
}
],
"release_date": "2018-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2018-17199",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668493"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_session_cookie does not respect expiry time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17199"
},
{
"category": "external",
"summary": "RHBZ#1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_session_cookie does not respect expiry time"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-0217",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695020"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_auth_digest: access control bypass due to race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0217"
},
{
"category": "external",
"summary": "RHBZ#1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_auth_digest: access control bypass due to race condition"
},
{
"cve": "CVE-2019-9511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: large amount of data requests leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "RHBZ#1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: large amount of data requests leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
}
]
}
rhsa-2019:3929
Vulnerability from csaf_redhat
Published
2019-11-20 16:08
Modified
2025-08-03 21:32
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Notes
Topic
Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.
Security Fix(es):
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)
* tomcat: XSS in SSI printenv (CVE-2019-0221)
* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3929",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3929.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
"tracking": {
"current_release_date": "2025-08-03T21:32:07+00:00",
"generator": {
"date": "2025-08-03T21:32:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:3929",
"initial_release_date": "2019-11-20T16:08:26+00:00",
"revision_history": [
{
"date": "2019-11-20T16:08:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-02T16:26:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T21:32:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el7jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el8jws?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
"product_id": "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"relates_to_product_reference": "6Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
"product_id": "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src"
},
"product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src"
},
"product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src"
},
"product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src"
},
"product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
},
"product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch"
},
"product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64"
},
"product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src"
},
"product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
"product_id": "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2019-0199",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat HTTP/2 DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0199"
},
{
"category": "external",
"summary": "RHBZ#1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
}
],
"release_date": "2019-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat HTTP/2 DoS"
},
{
"cve": "CVE-2019-0221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713275"
}
],
"notes": [
{
"category": "description",
"text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: XSS in SSI printenv",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0221"
},
{
"category": "external",
"summary": "RHBZ#1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
}
],
"release_date": "2019-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: XSS in SSI printenv"
},
{
"cve": "CVE-2019-0232",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Apache Tomcat, where a Java Runtime Environment can pass a command-line argument in the Windows operating system. The execution of arbitrary commands via Tomcat\u2019s Common Gateway Interface (CGI) Servlet, allows an attacker to perform remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is specific to the Windows platform\u0027s treatment of file names and how they must be quoted. Tomcat running on Linux hosts is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0232"
},
{
"category": "external",
"summary": "RHBZ#1701056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232"
}
],
"release_date": "2019-04-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution on Windows"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10072",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723708"
}
],
"notes": [
{
"category": "description",
"text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10072"
},
{
"category": "external",
"summary": "RHBZ#1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"category": "workaround",
"details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"product_ids": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
"6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
"6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
"6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
"6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
"6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
"6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
"7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
"7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
"7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
"7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
"7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
"8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
"8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
"8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
"8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
"8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
}
]
}
rhsa-2019:3932
Vulnerability from csaf_redhat
Published
2019-11-20 16:22
Modified
2025-08-06 05:01
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6
Notes
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3932",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "JBCS-798",
"url": "https://issues.redhat.com/browse/JBCS-798"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3932.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"tracking": {
"current_release_date": "2025-08-06T05:01:23+00:00",
"generator": {
"date": "2025-08-06T05:01:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:3932",
"initial_release_date": "2019-11-20T16:22:09+00:00",
"revision_history": [
{
"date": "2019-11-20T16:22:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-06T13:05:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-06T05:01:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1568253"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "RHBZ#1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
"url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180416.txt",
"url": "https://www.openssl.org/news/secadv/20180416.txt"
}
],
"release_date": "2018-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2018-17199",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668493"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_session_cookie does not respect expiry time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17199"
},
{
"category": "external",
"summary": "RHBZ#1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_session_cookie does not respect expiry time"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-0217",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695020"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_auth_digest: access control bypass due to race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0217"
},
{
"category": "external",
"summary": "RHBZ#1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_auth_digest: access control bypass due to race condition"
},
{
"cve": "CVE-2019-9511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: large amount of data requests leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "RHBZ#1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: large amount of data requests leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
}
]
}
rhsa-2019:2125
Vulnerability from csaf_redhat
Published
2019-08-06 12:11
Modified
2025-08-03 19:15
Summary
Red Hat Security Advisory: ovmf security and enhancement update
Notes
Topic
An update for ovmf is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)
* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)
* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)
* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)
* edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)
* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)
* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)
* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2125",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1641433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433"
},
{
"category": "external",
"summary": "1641442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442"
},
{
"category": "external",
"summary": "1641446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446"
},
{
"category": "external",
"summary": "1641450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450"
},
{
"category": "external",
"summary": "1641458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458"
},
{
"category": "external",
"summary": "1641465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1686783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783"
},
{
"category": "external",
"summary": "1691640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640"
},
{
"category": "external",
"summary": "1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2125.json"
}
],
"title": "Red Hat Security Advisory: ovmf security and enhancement update",
"tracking": {
"current_release_date": "2025-08-03T19:15:54+00:00",
"generator": {
"date": "2025-08-03T19:15:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:2125",
"initial_release_date": "2019-08-06T12:11:30+00:00",
"revision_history": [
{
"date": "2019-08-06T12:11:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T12:11:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T19:15:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"product": {
"name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"product_id": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/OVMF@20180508-6.gitee3198e672e2.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"product": {
"name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"product_id": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovmf@20180508-6.gitee3198e672e2.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch"
},
"product_reference": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
},
"product_reference": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
"relates_to_product_reference": "7Server-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5731",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641442"
}
],
"notes": [
{
"category": "description",
"text": "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5731"
},
{
"category": "external",
"summary": "RHBZ#1641442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c"
},
{
"cve": "CVE-2017-5732",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641446"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] A vulnerability exists in EDK-2 within BaseUefiDecompressLib.c (MdePkg/Library/BaseUefiDecompressLib). An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5732"
},
{
"category": "external",
"summary": "RHBZ#1641446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c"
},
{
"cve": "CVE-2017-5733",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641450"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] A heap-based buffer overflow vulnerability exists in EDK II within the MakeTable() function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this flaw by supplying a crafted file, potentially leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5733"
},
{
"category": "external",
"summary": "RHBZ#1641450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5733",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function"
},
{
"cve": "CVE-2017-5734",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641458"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] A stack-based buffer overflow vulnerability was identified in EDK-2 within the MakeTable() function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5734"
},
{
"category": "external",
"summary": "RHBZ#1641458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function"
},
{
"cve": "CVE-2017-5735",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641465"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] A heap-based buffer overflow issue was identified in EDK2 in the Decode() function of BaseUefiDecompressLib.c, TianoCompress.c and UEFI Specification. The issue arises from improper handling of data, which could allow an authenticated attacker to exploit it by supplying a crafted file. This could lead to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5735"
},
{
"category": "external",
"summary": "RHBZ#1641465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function"
},
{
"cve": "CVE-2018-3613",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641433"
}
],
"notes": [
{
"category": "description",
"text": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3613"
},
{
"category": "external",
"summary": "RHBZ#1641433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-12181",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2019-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686783"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Stack buffer overflow with corrupted BMP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12181"
},
{
"category": "external",
"summary": "RHBZ#1686783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Stack buffer overflow with corrupted BMP"
},
{
"cve": "CVE-2019-0160",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2019-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1691640"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows were discovered in UDF-related codes under MdeModulePkg\\Universal\\Disk\\PartitionDxe\\Udf.c and MdeModulePkg\\Universal\\Disk\\UdfDxe, which could be triggered with long file names or invalid formatted UDF media.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0160"
},
{
"category": "external",
"summary": "RHBZ#1691640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media"
},
{
"cve": "CVE-2019-0161",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694065"
}
],
"notes": [
{
"category": "description",
"text": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "edk2: stack overflow in XHCI causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0161"
},
{
"category": "external",
"summary": "RHBZ#1694065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161"
},
{
"category": "external",
"summary": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
}
],
"release_date": "2018-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:11:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
"7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "edk2: stack overflow in XHCI causing denial of service"
}
]
}
rhba-2019:1088
Vulnerability from csaf_redhat
Published
2019-05-08 12:28
Modified
2025-08-03 19:14
Summary
Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update
Notes
Topic
Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.
Details
Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.
The RHVM Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal
In this release, support has been added for OpenSCAP security profiles that can be enabled during self-hosted engine deployment. (BZ#1392051)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.\n\nThe RHVM Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal\n\nIn this release, support has been added for OpenSCAP security profiles that can be enabled during self-hosted engine deployment. (BZ#1392051)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2019:1088",
"url": "https://access.redhat.com/errata/RHBA-2019:1088"
},
{
"category": "external",
"summary": "1578835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578835"
},
{
"category": "external",
"summary": "1579000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579000"
},
{
"category": "external",
"summary": "1659450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659450"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_1088.json"
}
],
"title": "Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-08-03T19:14:04+00:00",
"generator": {
"date": "2025-08-03T19:14:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHBA-2019:1088",
"initial_release_date": "2019-05-08T12:28:47+00:00",
"revision_history": [
{
"date": "2019-05-08T12:28:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-05-08T12:28:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T19:14:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"product": {
"name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"product_id": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190409.0.el7?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.3-20190409.0.el7.src",
"product": {
"name": "rhvm-appliance-2:4.3-20190409.0.el7.src",
"product_id": "rhvm-appliance-2:4.3-20190409.0.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190409.0.el7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190409.0.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src"
},
"product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
},
"product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190409.0.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src"
},
"product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
},
"product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-08T12:28:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:1088"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
}
]
}
rhsa-2019:0483
Vulnerability from csaf_redhat
Published
2019-03-13 13:00
Modified
2025-08-04 11:57
Summary
Red Hat Security Advisory: openssl security and bug fix update
Notes
Topic
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0483",
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0483.json"
}
],
"title": "Red Hat Security Advisory: openssl security and bug fix update",
"tracking": {
"current_release_date": "2025-08-04T11:57:36+00:00",
"generator": {
"date": "2025-08-04T11:57:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:0483",
"initial_release_date": "2019-03-13T13:00:21+00:00",
"revision_history": [
{
"date": "2019-03-13T13:00:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-13T13:00:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:57:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"product": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"product_id": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"product": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:1.0.2k-16.el7_6.1.src",
"product": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src",
"product_id": "openssl-1:1.0.2k-16.el7_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"product": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"product": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"product_id": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"product": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"product": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"product_id": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"product": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"product": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"product_id": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"product": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"product": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"product": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"product": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"product": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"product": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"product_id": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
},
"product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0735",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644356"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the ECDSA signature generation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0735"
},
{
"category": "external",
"summary": "RHBZ#1644356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0735",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
}
],
"release_date": "2018-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-13T13:00:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the ECDSA signature generation"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-13T13:00:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
"7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
"7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
}
]
}
rhsa-2019:3933
Vulnerability from csaf_redhat
Published
2019-11-20 16:14
Modified
2025-08-06 05:01
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7
Notes
Topic
An update is now available for JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* mod_session_cookie does not respect expiry time (CVE-2018-17199)
* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
* mod_http2: possible crash on late upgrade (CVE-2019-0197)
* mod_http2: read-after-free on a string compare (CVE-2019-0196)
* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3933",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "JBCS-798",
"url": "https://issues.redhat.com/browse/JBCS-798"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3933.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"tracking": {
"current_release_date": "2025-08-06T05:01:15+00:00",
"generator": {
"date": "2025-08-06T05:01:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:3933",
"initial_release_date": "2019-11-20T16:14:21+00:00",
"revision_history": [
{
"date": "2019-11-20T16:14:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-06T13:04:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-06T05:01:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1568253"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "RHBZ#1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
"url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180416.txt",
"url": "https://www.openssl.org/news/secadv/20180416.txt"
}
],
"release_date": "2018-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2018-17199",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668493"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_session_cookie does not respect expiry time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17199"
},
{
"category": "external",
"summary": "RHBZ#1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_session_cookie does not respect expiry time"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-0217",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695020"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_auth_digest: access control bypass due to race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0217"
},
{
"category": "external",
"summary": "RHBZ#1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_auth_digest: access control bypass due to race condition"
},
{
"cve": "CVE-2019-9511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: large amount of data requests leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "RHBZ#1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: large amount of data requests leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
}
]
}
rhba-2019:1053
Vulnerability from csaf_redhat
Published
2019-05-08 12:26
Modified
2025-08-03 19:13
Summary
Red Hat Bug Fix Advisory: redhat-virtualization-host bug fix and enhancement update
Notes
Topic
Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.
Details
The imgbased packages provide a way to create read-only base images from squashfs images, and a way to manage writable filesystem layers on top of those base images, including the installation of new images through yum and selection of a layer from runtime.
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The redhat-release-virtualization-host package provides the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Changes to the imgbased component:
* Previously, Red Hat Virtualization Host entered emergency mode after it was updated to the latest version and rebooted twice. This was due to the presence of a local disk WWID in /etc/multipath/wwids.
In the current release, /etc/multipath/wwids has been removed. During upgrades, imgbased now calls "vdsm-tool configure --force" in the new layer, using the SYSTEMD_IGNORE_CHROOT environment variable. (BZ#1636028)
* Previously, the default ntp.conf file was migrated to chrony even when NTP was disabled, overwriting chrony.conf file with incorrect values. In the current release, ntp.conf is only migrated if NTP is enabled. (BZ#1638606)
* Previously, imgbased failed upon receiving the e2fsck return code 1 when creating a new layer. In the current release, imgbased handles the e2fsck return code 1 as a success, since the new file system is correct and the new layer is installed successfully. (BZ#1645395)
* Previously, even if lvmetad was disabled in the configuration, the lvmetad service left a pid file hanging. As a result, entering lvm commands displayed warnings.
The current release masks the lvmetad service during build so it never starts and lvm commands do not show warnings. (BZ#1652795)
Changes to the redhat-virtualization-host component:
* Previously, during an upgrade, dracut running inside chroot did not detect the cpuinfo and the kernel config files because /proc was not mounted and /boot was bindmounted. As a result, the correct microcode was missing from the initramfs.
The current release bindmounts /proc to the chroot and removes the --hostonly flag. This change inserts both AMD and Intel microcodes into the initramfs and boots the host after an upgrade. (BZ#1652519)
* The current release applies the OpenSCAP security profile when installing and upgrading RHV-H. This feature helps organizations comply with the Security Content Automation Protocol (SCAP) standards. (BZ#1654253)
* Do not use a VNC-based connection to deploy Red Hat Virtualization Manager as a self-hosted engine. The VNC protocol does not support password auth in FIPS mode. As a result, the self-hosted engine will fail to deploy.
Instead, deploy the Manager as a self-hosted engine, use a SPICE-based connection. (BZ#1591693)
* The current release ships a new version of Red Hat Gluster Storage, RHGS 3.4.4, in Red Hat Virtualization Host (RHVH). (BZ#1679133)
* Previously, changing log levels required editing libvirt.conf and restarting the libvirtd service. This restart prevented support from collecting data and made reproducing issues more difficult.
The current release adds the libvirt-admin package to the optional channel for Red Hat Virtualization Host. Installing this package enables you to run the virt-admin command to change libvirt logging levels on the fly. (BZ#1571283)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated \u200b\u200bredhat-virtualization-host packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "The imgbased packages provide a way to create read-only base images from squashfs images, and a way to manage writable filesystem layers on top of those base images, including the installation of new images through yum and selection of a layer from runtime.\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe redhat-release-virtualization-host package provides the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nChanges to the imgbased component:\n\n* Previously, Red Hat Virtualization Host entered emergency mode after it was updated to the latest version and rebooted twice. This was due to the presence of a local disk WWID in /etc/multipath/wwids.\n\nIn the current release, /etc/multipath/wwids has been removed. During upgrades, imgbased now calls \"vdsm-tool configure --force\" in the new layer, using the SYSTEMD_IGNORE_CHROOT environment variable. (BZ#1636028)\n\n* Previously, the default ntp.conf file was migrated to chrony even when NTP was disabled, overwriting chrony.conf file with incorrect values. In the current release, ntp.conf is only migrated if NTP is enabled. (BZ#1638606)\n\n* Previously, imgbased failed upon receiving the e2fsck return code 1 when creating a new layer. In the current release, imgbased handles the e2fsck return code 1 as a success, since the new file system is correct and the new layer is installed successfully. (BZ#1645395)\n\n* Previously, even if lvmetad was disabled in the configuration, the lvmetad service left a pid file hanging. As a result, entering lvm commands displayed warnings.\n\nThe current release masks the lvmetad service during build so it never starts and lvm commands do not show warnings. (BZ#1652795)\n\nChanges to the redhat-virtualization-host component:\n\n* Previously, during an upgrade, dracut running inside chroot did not detect the cpuinfo and the kernel config files because /proc was not mounted and /boot was bindmounted. As a result, the correct microcode was missing from the initramfs.\n\nThe current release bindmounts /proc to the chroot and removes the --hostonly flag. This change inserts both AMD and Intel microcodes into the initramfs and boots the host after an upgrade. (BZ#1652519)\n\n* The current release applies the OpenSCAP security profile when installing and upgrading RHV-H. This feature helps organizations comply with the Security Content Automation Protocol (SCAP) standards. (BZ#1654253)\n\n* Do not use a VNC-based connection to deploy Red Hat Virtualization Manager as a self-hosted engine. The VNC protocol does not support password auth in FIPS mode. As a result, the self-hosted engine will fail to deploy.\n\nInstead, deploy the Manager as a self-hosted engine, use a SPICE-based connection. (BZ#1591693)\n\n* The current release ships a new version of Red Hat Gluster Storage, RHGS 3.4.4, in Red Hat Virtualization Host (RHVH). (BZ#1679133)\n\n* Previously, changing log levels required editing libvirt.conf and restarting the libvirtd service. This restart prevented support from collecting data and made reproducing issues more difficult.\n\nThe current release adds the libvirt-admin package to the optional channel for Red Hat Virtualization Host. Installing this package enables you to run the virt-admin command to change libvirt logging levels on the fly. (BZ#1571283)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2019:1053",
"url": "https://access.redhat.com/errata/RHBA-2019:1053"
},
{
"category": "external",
"summary": "1436519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436519"
},
{
"category": "external",
"summary": "1571283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571283"
},
{
"category": "external",
"summary": "1591693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591693"
},
{
"category": "external",
"summary": "1630263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630263"
},
{
"category": "external",
"summary": "1630267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630267"
},
{
"category": "external",
"summary": "1632741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632741"
},
{
"category": "external",
"summary": "1633069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633069"
},
{
"category": "external",
"summary": "1633075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633075"
},
{
"category": "external",
"summary": "1636028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636028"
},
{
"category": "external",
"summary": "1638606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1638606"
},
{
"category": "external",
"summary": "1645395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645395"
},
{
"category": "external",
"summary": "1646147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646147"
},
{
"category": "external",
"summary": "1652519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652519"
},
{
"category": "external",
"summary": "1652789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652789"
},
{
"category": "external",
"summary": "1652795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652795"
},
{
"category": "external",
"summary": "1652817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652817"
},
{
"category": "external",
"summary": "1653137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653137"
},
{
"category": "external",
"summary": "1653669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653669"
},
{
"category": "external",
"summary": "1654253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654253"
},
{
"category": "external",
"summary": "1655003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655003"
},
{
"category": "external",
"summary": "1669377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669377"
},
{
"category": "external",
"summary": "1673953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673953"
},
{
"category": "external",
"summary": "1679133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679133"
},
{
"category": "external",
"summary": "1693710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693710"
},
{
"category": "external",
"summary": "1693897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693897"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_1053.json"
}
],
"title": "Red Hat Bug Fix Advisory: redhat-virtualization-host bug fix and enhancement update",
"tracking": {
"current_release_date": "2025-08-03T19:13:57+00:00",
"generator": {
"date": "2025-08-03T19:13:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHBA-2019:1053",
"initial_release_date": "2019-05-08T12:26:02+00:00",
"revision_history": [
{
"date": "2019-05-08T12:26:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-05-08T12:26:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T19:13:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"product": {
"name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"product_id": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-node-ng@4.3.0-0.20181213.0.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"product_id": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3-0.5.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.1.7-0.1.el7ev.src",
"product": {
"name": "imgbased-0:1.1.7-0.1.el7ev.src",
"product_id": "imgbased-0:1.1.7-0.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.1.7-0.1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"product": {
"name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"product_id": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.3-20190409.0.el7_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"product": {
"name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"product_id": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ovirt-node-ng-nodectl@4.3.0-0.20181213.0.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"product": {
"name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"product_id": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-node-ng-nodectl@4.3.0-0.20181213.0.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.3-0.5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.1.7-0.1.el7ev.noarch",
"product": {
"name": "imgbased-0:1.1.7-0.1.el7ev.noarch",
"product_id": "imgbased-0:1.1.7-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.1.7-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"product": {
"name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"product_id": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-imgbased@1.1.7-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.3-20190409.0.el7_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3-0.5.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src"
},
"product_reference": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.1.7-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch"
},
"product_reference": "imgbased-0:1.1.7-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.1.7-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src"
},
"product_reference": "imgbased-0:1.1.7-0.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src"
},
"product_reference": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch"
},
"product_reference": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch"
},
"product_reference": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch"
},
"product_reference": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-08T12:26:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:1053"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
}
]
}
rhsa-2019:3931
Vulnerability from csaf_redhat
Published
2019-11-20 16:04
Modified
2025-08-03 21:32
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Notes
Topic
Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.
Security Fix(es):
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* tomcat: XSS in SSI printenv (CVE-2019-0221)
* openssl: 0-byte record padding oracle (CVE-2019-1559)
* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)
* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n \nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) \n* tomcat: XSS in SSI printenv (CVE-2019-0221) \n* openssl: 0-byte record padding oracle (CVE-2019-1559) \n* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3931",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
"tracking": {
"current_release_date": "2025-08-03T21:32:13+00:00",
"generator": {
"date": "2025-08-03T21:32:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:3931",
"initial_release_date": "2019-11-20T16:04:24+00:00",
"revision_history": [
{
"date": "2019-11-20T16:04:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-02T16:22:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T21:32:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5",
"product": {
"name": "Red Hat JBoss Web Server 5",
"product_id": "Red Hat JBoss Web Server 5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2019-0199",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat HTTP/2 DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0199"
},
{
"category": "external",
"summary": "RHBZ#1693325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
}
],
"release_date": "2019-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat HTTP/2 DoS"
},
{
"cve": "CVE-2019-0221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713275"
}
],
"notes": [
{
"category": "description",
"text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: XSS in SSI printenv",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0221"
},
{
"category": "external",
"summary": "RHBZ#1713275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
}
],
"release_date": "2019-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: XSS in SSI printenv"
},
{
"cve": "CVE-2019-1559",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2019-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1683804"
}
],
"notes": [
{
"category": "description",
"text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: 0-byte record padding oracle",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1559"
},
{
"category": "external",
"summary": "RHBZ#1683804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
},
{
"category": "external",
"summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
"url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20190226.txt",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
}
],
"release_date": "2019-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: 0-byte record padding oracle"
},
{
"cve": "CVE-2019-10072",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723708"
}
],
"notes": [
{
"category": "description",
"text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10072"
},
{
"category": "external",
"summary": "RHBZ#1723708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:04:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Web Server 5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"category": "workaround",
"details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
"product_ids": [
"Red Hat JBoss Web Server 5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
}
]
}
wid-sec-w-2023-1594
Vulnerability from csaf_certbund
Published
2023-06-28 22:00
Modified
2023-06-28 22:00
Summary
IBM Tivoli Network Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1594 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1594 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/885316"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/884276"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883428"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883424"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882926"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882898"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882888"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880403"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880401"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880395"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879855"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879841"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870546"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870526"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870508"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870504"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870500"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870498"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/743933"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739297"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739271"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739249"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739247"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739245"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739243"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/738231"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/731931"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730883"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730871"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730845"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730835"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730171"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720307"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720283"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720265"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/718745"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717345"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717335"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717327"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717007"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/716573"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712213"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712199"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/570557"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569765"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569727"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569717"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/305321"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304091"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304089"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303663"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303657"
}
],
"source_lang": "en-US",
"title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-28T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:31.776+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1594",
"initial_release_date": "2023-06-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product_id": "T028343",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product_id": "T028344",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product_id": "T028345",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product_id": "T028346",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product_id": "T028347",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product_id": "T028348",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product_id": "T028349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-4046",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4046"
},
{
"cve": "CVE-2019-4030",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4030"
},
{
"cve": "CVE-2019-2684",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2684"
},
{
"cve": "CVE-2019-2602",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2602"
},
{
"cve": "CVE-2019-2537",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2537"
},
{
"cve": "CVE-2019-2534",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2534"
},
{
"cve": "CVE-2019-2531",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2531"
},
{
"cve": "CVE-2019-2529",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2529"
},
{
"cve": "CVE-2019-2503",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2503"
},
{
"cve": "CVE-2019-2482",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2482"
},
{
"cve": "CVE-2019-2481",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2481"
},
{
"cve": "CVE-2019-2455",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2455"
},
{
"cve": "CVE-2019-1559",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-0220",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-0220"
},
{
"cve": "CVE-2018-8039",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-8039"
},
{
"cve": "CVE-2018-5407",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2018-3282",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3282"
},
{
"cve": "CVE-2018-3278",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3278"
},
{
"cve": "CVE-2018-3276",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3276"
},
{
"cve": "CVE-2018-3251",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3251"
},
{
"cve": "CVE-2018-3247",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3247"
},
{
"cve": "CVE-2018-3174",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3174"
},
{
"cve": "CVE-2018-3156",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3156"
},
{
"cve": "CVE-2018-3143",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3143"
},
{
"cve": "CVE-2018-3123",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3123"
},
{
"cve": "CVE-2018-3084",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3084"
},
{
"cve": "CVE-2018-3082",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3082"
},
{
"cve": "CVE-2018-3081",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3081"
},
{
"cve": "CVE-2018-3080",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3080"
},
{
"cve": "CVE-2018-3079",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3079"
},
{
"cve": "CVE-2018-3078",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3078"
},
{
"cve": "CVE-2018-3077",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3077"
},
{
"cve": "CVE-2018-3075",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3075"
},
{
"cve": "CVE-2018-3074",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3074"
},
{
"cve": "CVE-2018-3073",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3073"
},
{
"cve": "CVE-2018-3071",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3071"
},
{
"cve": "CVE-2018-3070",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3070"
},
{
"cve": "CVE-2018-3067",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3067"
},
{
"cve": "CVE-2018-3066",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3066"
},
{
"cve": "CVE-2018-3065",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3065"
},
{
"cve": "CVE-2018-3064",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3064"
},
{
"cve": "CVE-2018-3063",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3063"
},
{
"cve": "CVE-2018-3062",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3062"
},
{
"cve": "CVE-2018-3061",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3061"
},
{
"cve": "CVE-2018-3060",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3060"
},
{
"cve": "CVE-2018-3058",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3058"
},
{
"cve": "CVE-2018-3056",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3056"
},
{
"cve": "CVE-2018-3054",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3054"
},
{
"cve": "CVE-2018-2877",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2877"
},
{
"cve": "CVE-2018-2846",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2846"
},
{
"cve": "CVE-2018-2839",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2839"
},
{
"cve": "CVE-2018-2819",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2819"
},
{
"cve": "CVE-2018-2818",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2818"
},
{
"cve": "CVE-2018-2817",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2817"
},
{
"cve": "CVE-2018-2816",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2816"
},
{
"cve": "CVE-2018-2813",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2813"
},
{
"cve": "CVE-2018-2812",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2812"
},
{
"cve": "CVE-2018-2810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2810"
},
{
"cve": "CVE-2018-2805",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2805"
},
{
"cve": "CVE-2018-2787",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2787"
},
{
"cve": "CVE-2018-2786",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2786"
},
{
"cve": "CVE-2018-2784",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2784"
},
{
"cve": "CVE-2018-2782",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2782"
},
{
"cve": "CVE-2018-2781",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2781"
},
{
"cve": "CVE-2018-2780",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2780"
},
{
"cve": "CVE-2018-2779",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2779"
},
{
"cve": "CVE-2018-2778",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2778"
},
{
"cve": "CVE-2018-2777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2777"
},
{
"cve": "CVE-2018-2776",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2776"
},
{
"cve": "CVE-2018-2775",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2775"
},
{
"cve": "CVE-2018-2773",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2773"
},
{
"cve": "CVE-2018-2771",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2771"
},
{
"cve": "CVE-2018-2769",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2769"
},
{
"cve": "CVE-2018-2766",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2766"
},
{
"cve": "CVE-2018-2762",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2762"
},
{
"cve": "CVE-2018-2761",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2761"
},
{
"cve": "CVE-2018-2759",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2759"
},
{
"cve": "CVE-2018-2758",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2758"
},
{
"cve": "CVE-2018-2755",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2755"
},
{
"cve": "CVE-2018-2598",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2598"
},
{
"cve": "CVE-2018-1996",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1996"
},
{
"cve": "CVE-2018-1926",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1926"
},
{
"cve": "CVE-2018-1904",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1904"
},
{
"cve": "CVE-2018-1902",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1902"
},
{
"cve": "CVE-2018-1901",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1901"
},
{
"cve": "CVE-2018-1798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1798"
},
{
"cve": "CVE-2018-1797",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1797"
},
{
"cve": "CVE-2018-1794",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1794"
},
{
"cve": "CVE-2018-1793",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1793"
},
{
"cve": "CVE-2018-1777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1777"
},
{
"cve": "CVE-2018-1770",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1770"
},
{
"cve": "CVE-2018-1767",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1767"
},
{
"cve": "CVE-2018-1719",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1719"
},
{
"cve": "CVE-2018-1695",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1695"
},
{
"cve": "CVE-2018-1656",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1656"
},
{
"cve": "CVE-2018-1643",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1643"
},
{
"cve": "CVE-2018-1621",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1621"
},
{
"cve": "CVE-2018-1614",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1614"
},
{
"cve": "CVE-2018-1567",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1567"
},
{
"cve": "CVE-2018-1447",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1447"
},
{
"cve": "CVE-2018-1428",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1428"
},
{
"cve": "CVE-2018-1427",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1427"
},
{
"cve": "CVE-2018-1426",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1426"
},
{
"cve": "CVE-2018-1301",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-12539",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-12539"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-0734",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2017-9798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-9798"
},
{
"cve": "CVE-2017-3738",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3738"
},
{
"cve": "CVE-2017-3737",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3737"
},
{
"cve": "CVE-2017-3736",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3736"
},
{
"cve": "CVE-2017-3735",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2017-3732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3732"
},
{
"cve": "CVE-2017-1743",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1743"
},
{
"cve": "CVE-2017-1741",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1741"
},
{
"cve": "CVE-2017-1731",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1731"
},
{
"cve": "CVE-2017-1681",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1681"
},
{
"cve": "CVE-2017-15715",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2017-15710",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-12624",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12624"
},
{
"cve": "CVE-2017-12618",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12618"
},
{
"cve": "CVE-2017-12613",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12613"
},
{
"cve": "CVE-2016-0705",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0705"
},
{
"cve": "CVE-2016-0702",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0702"
},
{
"cve": "CVE-2016-0701",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0701"
},
{
"cve": "CVE-2015-0899",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2015-0899"
},
{
"cve": "CVE-2014-7810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2014-7810"
},
{
"cve": "CVE-2012-5783",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2012-5783"
}
]
}
wid-sec-w-2022-0517
Vulnerability from csaf_certbund
Published
2019-08-06 22:00
Modified
2025-06-23 22:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0517 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-0517.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0517 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2332 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2332"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2336 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2336"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2308 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2308"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2285 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2285"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2290 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2290"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2280 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2280"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2283 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2283"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2272 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2272"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2276 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2276"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2258 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2258"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2229 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2229"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2237 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2237"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2196 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2196"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2197 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2197"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2189 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2189"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2177 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2177"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2178 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2178"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2162 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2162"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2157 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2157"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2137 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2137"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2125 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2126 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2126"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2112 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2112"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2101 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2101"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2075 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2075"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2049 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2052 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2052"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2047 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2048 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2035 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2035"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2037 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2037"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2017 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2017"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2437 vom 2019-08-12",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2285 vom 2019-08-14",
"url": "http://linux.oracle.com/errata/ELSA-2019-2285.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2052 vom 2019-08-14",
"url": "http://linux.oracle.com/errata/ELSA-2019-2052.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2258 vom 2019-08-14",
"url": "http://linux.oracle.com/errata/ELSA-2019-2258.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2178 vom 2019-08-14",
"url": "http://linux.oracle.com/errata/ELSA-2019-2178.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2229 vom 2019-08-14",
"url": "http://linux.oracle.com/errata/ELSA-2019-2229.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2177 vom 2019-08-16",
"url": "http://linux.oracle.com/errata/ELSA-2019-2177.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2283 vom 2019-08-19",
"url": "http://linux.oracle.com/errata/ELSA-2019-2283.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2189 vom 2019-08-21",
"url": "http://linux.oracle.com/errata/ELSA-2019-2189.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2280 vom 2019-08-21",
"url": "http://linux.oracle.com/errata/ELSA-2019-2280.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2332 vom 2019-08-21",
"url": "http://linux.oracle.com/errata/ELSA-2019-2332.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2267-1 vom 2019-09-02",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192267-1.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:2101 vom 2019-09-18",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2101-Low-CentOS-7-exiv2-Security-Update-tp4645686.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:2258 vom 2019-09-18",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2258-Moderate-CentOS-7-http-parser-Security-Update-tp4645679.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2730-1 vom 2019-10-22",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192730-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2750-1 vom 2019-10-23",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192750-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3338 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3338"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3651 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3651"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3575 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3575"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3583 vom 2019-11-06",
"url": "https://access.redhat.com/errata/RHSA-2019:3583"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3590 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3590"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3345 vom 2019-11-06",
"url": "https://access.redhat.com/errata/RHSA-2019:3345"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3497 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3497"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3335 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3705 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3705"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2019-209 vom 2019-12-22",
"url": "https://downloads.avaya.com/css/P8/documents/101060434"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2019-205 vom 2019-12-22",
"url": "https://downloads.avaya.com/css/P8/documents/101060432"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0471 vom 2020-02-11",
"url": "https://access.redhat.com/errata/RHSA-2020:0471"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2020:0471 vom 2020-02-11",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0471-Moderate-CentOS-6-spice-gtk-Security-Update-tp4645840.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0595 vom 2020-02-25",
"url": "https://access.redhat.com/errata/RHSA-2020:0595"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0555-1 vom 2020-03-02",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200555-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0850 vom 2020-03-17",
"url": "https://access.redhat.com/errata/RHSA-2020:0850"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0851 vom 2020-03-17",
"url": "https://access.redhat.com/errata/RHSA-2020:0851"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2020:0851 vom 2020-03-25",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0851-Moderate-CentOS-7-python-virtualenv-Security-Update-tp4645882.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2020:0850 vom 2020-03-25",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0850-Moderate-CentOS-7-python-pip-Security-Update-tp4645865.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1265 vom 2020-04-01",
"url": "https://access.redhat.com/errata/RHSA-2020:1265"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0921-1 vom 2020-04-04",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200921-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1471 vom 2020-04-14",
"url": "https://access.redhat.com/errata/RHSA-2020:1471"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1464 vom 2020-04-14",
"url": "https://access.redhat.com/errata/RHSA-2020:1464"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1461 vom 2020-04-14",
"url": "https://access.redhat.com/errata/RHSA-2020:1461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1577 vom 2020-04-28",
"url": "https://access.redhat.com/errata/RHSA-2020:1577"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1916 vom 2020-04-28",
"url": "https://access.redhat.com/errata/RHSA-2020:1916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1605 vom 2020-04-28",
"url": "https://access.redhat.com/errata/RHSA-2020:1605"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2068 vom 2020-05-12",
"url": "https://access.redhat.com/errata/RHSA-2020:2068"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2081 vom 2020-05-12",
"url": "https://access.redhat.com/errata/RHSA-2020:2081"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1792-1 vom 2020-06-26",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/007049.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3194 vom 2020-07-28",
"url": "https://access.redhat.com/errata/RHSA-2020:3194"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2711-1 vom 2020-09-22",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007450.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2942-1 vom 2020-10-16",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-October/007582.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4999 vom 2020-11-10",
"url": "https://access.redhat.com/errata/RHSA-2020:4999"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2470 vom 2020-12-01",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:3842-1 vom 2020-12-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008077.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:3841-1 vom 2020-12-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008078.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K00409335 vom 2020-12-29",
"url": "https://support.f5.com/csp/article/K00409335?utm_source=f5support\u0026utm_medium=RSS"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2645 vom 2021-04-29",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202107-15 vom 2021-07-08",
"url": "https://www.cybersecurity-help.cz/vdb/SB2021070803"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2802 vom 2021-10-31",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1448-1 vom 2022-04-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010858.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1819-1 vom 2022-05-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011137.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5497-1 vom 2022-06-30",
"url": "https://ubuntu.com/security/notices/USN-5497-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2614-1 vom 2022-08-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011724.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5553-1 vom 2022-08-08",
"url": "https://ubuntu.com/security/notices/USN-5553-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5631-1 vom 2022-09-22",
"url": "https://ubuntu.com/security/notices/USN-5631-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5671-1 vom 2022-10-12",
"url": "https://ubuntu.com/security/notices/USN-5671-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4252-1 vom 2022-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013131.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1939 vom 2023-02-22",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1939.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1940 vom 2023-02-22",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1940.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-6980 vom 2023-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2023-6980.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-253 vom 2025-06-24",
"url": "https://www.dell.com/support/kbdoc/000335065"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-23T22:00:00.000+00:00",
"generator": {
"date": "2025-06-24T07:44:55.519+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0517",
"initial_release_date": "2019-08-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-08-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-08-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-08-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-08-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-08-19T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-08-21T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-09-02T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-09-18T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2019-10-09T22:00:00.000+00:00",
"number": "9",
"summary": "Referenz(en) aufgenommen: SUSE-SU-2019:1487-2"
},
{
"date": "2019-10-15T22:00:00.000+00:00",
"number": "10",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-7B06F18A10, FEDORA-2019-A25D5DF3B4, FEDORA-2019-23638D42F3"
},
{
"date": "2019-10-21T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-10-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-11-05T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-12-22T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2020-01-30T23:00:00.000+00:00",
"number": "15",
"summary": "Referenz(en) aufgenommen: FEDORA-2020-CB7B7181A0, FEDORA-2020-1DFAA1963B"
},
{
"date": "2020-02-10T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-02-11T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2020-02-24T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-02T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-03-17T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-25T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2020-03-31T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-05T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-04-14T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-28T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-05-03T22:00:00.000+00:00",
"number": "26",
"summary": "Referenz(en) aufgenommen: USN-4349-1"
},
{
"date": "2020-05-12T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-06-28T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-07-28T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-09-22T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-10-18T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-11-09T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-11-30T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-12-16T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-12-28T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2021-04-29T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-07-07T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2021-09-08T22:00:00.000+00:00",
"number": "38",
"summary": "Referenz(en) aufgenommen: USN-5067-1"
},
{
"date": "2021-10-31T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-04-28T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-05-23T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-06-30T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-08-01T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-08T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-09-22T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-10-11T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-02-22T23:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-06-23T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "51"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "T40",
"product": {
"name": "Dell PowerEdge T40",
"product_id": "T027537",
"product_identification_helper": {
"cpe": "cpe:/h:dell:poweredge:t40"
}
}
}
],
"category": "product_name",
"name": "PowerEdge"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T006054",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3616",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2016-3616"
},
{
"cve": "CVE-2017-15111",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-15111"
},
{
"cve": "CVE-2017-15112",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-15112"
},
{
"cve": "CVE-2017-17724",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-17724"
},
{
"cve": "CVE-2017-18189",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-18189"
},
{
"cve": "CVE-2017-18233",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-18233"
},
{
"cve": "CVE-2017-18234",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-18234"
},
{
"cve": "CVE-2017-18236",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-18236"
},
{
"cve": "CVE-2017-18238",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-18238"
},
{
"cve": "CVE-2017-5731",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-5731"
},
{
"cve": "CVE-2017-5732",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-5732"
},
{
"cve": "CVE-2017-5733",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-5733"
},
{
"cve": "CVE-2017-5734",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-5734"
},
{
"cve": "CVE-2017-5735",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-5735"
},
{
"cve": "CVE-2017-6059",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-6059"
},
{
"cve": "CVE-2017-6413",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2017-6413"
},
{
"cve": "CVE-2018-0495",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-0495"
},
{
"cve": "CVE-2018-1000132",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-1000132"
},
{
"cve": "CVE-2018-1000852",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-1000852"
},
{
"cve": "CVE-2018-1000876",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-1000876"
},
{
"cve": "CVE-2018-10689",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-10689"
},
{
"cve": "CVE-2018-10772",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-10772"
},
{
"cve": "CVE-2018-10893",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-10893"
},
{
"cve": "CVE-2018-10958",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-10958"
},
{
"cve": "CVE-2018-10998",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-10998"
},
{
"cve": "CVE-2018-11037",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-11037"
},
{
"cve": "CVE-2018-11212",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-11212"
},
{
"cve": "CVE-2018-11213",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-11213"
},
{
"cve": "CVE-2018-11214",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-11214"
},
{
"cve": "CVE-2018-1122",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-11813",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-11813"
},
{
"cve": "CVE-2018-12121",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-12121"
},
{
"cve": "CVE-2018-12181",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-12181"
},
{
"cve": "CVE-2018-12264",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-12264"
},
{
"cve": "CVE-2018-12265",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-12265"
},
{
"cve": "CVE-2018-12404",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-12404"
},
{
"cve": "CVE-2018-12641",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-12641"
},
{
"cve": "CVE-2018-12697",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-12697"
},
{
"cve": "CVE-2018-13259",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-13259"
},
{
"cve": "CVE-2018-13346",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-13346"
},
{
"cve": "CVE-2018-13347",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-13347"
},
{
"cve": "CVE-2018-14046",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-14046"
},
{
"cve": "CVE-2018-14348",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-14348"
},
{
"cve": "CVE-2018-14498",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-14498"
},
{
"cve": "CVE-2018-16062",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-16062"
},
{
"cve": "CVE-2018-16402",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-16402"
},
{
"cve": "CVE-2018-16403",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-16403"
},
{
"cve": "CVE-2018-16548",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-16548"
},
{
"cve": "CVE-2018-16838",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-16838"
},
{
"cve": "CVE-2018-17282",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-17282"
},
{
"cve": "CVE-2018-17336",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-17336"
},
{
"cve": "CVE-2018-17581",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-17581"
},
{
"cve": "CVE-2018-18074",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-18074"
},
{
"cve": "CVE-2018-18310",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-18310"
},
{
"cve": "CVE-2018-18520",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-18520"
},
{
"cve": "CVE-2018-18521",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-18521"
},
{
"cve": "CVE-2018-18584",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-18584"
},
{
"cve": "CVE-2018-18585",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-18585"
},
{
"cve": "CVE-2018-18915",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-18915"
},
{
"cve": "CVE-2018-19044",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19044"
},
{
"cve": "CVE-2018-19107",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19107"
},
{
"cve": "CVE-2018-19108",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19108"
},
{
"cve": "CVE-2018-19198",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19198"
},
{
"cve": "CVE-2018-19199",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19199"
},
{
"cve": "CVE-2018-19208",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19208"
},
{
"cve": "CVE-2018-19535",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19535"
},
{
"cve": "CVE-2018-19607",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-19607"
},
{
"cve": "CVE-2018-20060",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20060"
},
{
"cve": "CVE-2018-20096",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20096"
},
{
"cve": "CVE-2018-20097",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20097"
},
{
"cve": "CVE-2018-20098",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20098"
},
{
"cve": "CVE-2018-20099",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20099"
},
{
"cve": "CVE-2018-20532",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20532"
},
{
"cve": "CVE-2018-20533",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20533"
},
{
"cve": "CVE-2018-20534",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-20534"
},
{
"cve": "CVE-2018-3613",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-3613"
},
{
"cve": "CVE-2018-5407",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2018-6541",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-6541"
},
{
"cve": "CVE-2018-7159",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-7159"
},
{
"cve": "CVE-2018-7409",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-7409"
},
{
"cve": "CVE-2018-7485",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-7485"
},
{
"cve": "CVE-2018-7730",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-7730"
},
{
"cve": "CVE-2018-8976",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-8976"
},
{
"cve": "CVE-2018-8977",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-8977"
},
{
"cve": "CVE-2018-9305",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2018-9305"
},
{
"cve": "CVE-2019-0160",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-0160"
},
{
"cve": "CVE-2019-0161",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-0161"
},
{
"cve": "CVE-2019-10153",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-10153"
},
{
"cve": "CVE-2019-10192",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-10192"
},
{
"cve": "CVE-2019-10193",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-10193"
},
{
"cve": "CVE-2019-11236",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-11236"
},
{
"cve": "CVE-2019-3811",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-3811"
},
{
"cve": "CVE-2019-7149",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-7149"
},
{
"cve": "CVE-2019-7150",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-7150"
},
{
"cve": "CVE-2019-7664",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-7664"
},
{
"cve": "CVE-2019-7665",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-7665"
},
{
"cve": "CVE-2019-8379",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-8379"
},
{
"cve": "CVE-2019-8383",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-8383"
},
{
"cve": "CVE-2019-9755",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027537",
"T001663",
"398363",
"T012167",
"1727",
"T004914",
"T006054"
]
},
"release_date": "2019-08-06T22:00:00.000+00:00",
"title": "CVE-2019-9755"
}
]
}
gsd-2018-5407
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-5407",
"description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"id": "GSD-2018-5407",
"references": [
"https://www.suse.com/security/cve/CVE-2018-5407.html",
"https://www.debian.org/security/2018/dsa-4355",
"https://www.debian.org/security/2018/dsa-4348",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3931",
"https://access.redhat.com/errata/RHSA-2019:3929",
"https://access.redhat.com/errata/RHSA-2019:2125",
"https://access.redhat.com/errata/RHBA-2019:1088",
"https://access.redhat.com/errata/RHBA-2019:1053",
"https://access.redhat.com/errata/RHSA-2019:0483",
"https://ubuntu.com/security/CVE-2018-5407",
"https://advisories.mageia.org/CVE-2018-5407.html",
"https://security.archlinux.org/CVE-2018-5407",
"https://alas.aws.amazon.com/cve/html/CVE-2018-5407.html",
"https://linux.oracle.com/cve/CVE-2018-5407.html",
"https://packetstormsecurity.com/files/cve/CVE-2018-5407"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-5407"
],
"details": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
"id": "GSD-2018-5407",
"modified": "2023-12-13T01:22:40.039977Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Processors supporting Simultaneous Multi-Threading",
"version": {
"version_data": [
{
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "N/A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0483",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"name": "USN-3840-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "https://www.tenable.com/security/tns-2018-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "45785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name": "https://github.com/bbbrumley/portsmash",
"refsource": "MISC",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name": "105897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105897"
},
{
"name": "https://eprint.iacr.org/2018/1060.pdf",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"name": "RHSA-2019:0651",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"name": "RHSA-2019:0652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.14.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.11.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.9.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0i",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.2q",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.12.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "3.12.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5407"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bbbrumley/portsmash",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bbbrumley/portsmash"
},
{
"name": "https://eprint.iacr.org/2018/1060.pdf",
"refsource": "MISC",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"name": "45785",
"refsource": "EXPLOIT-DB",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"name": "105897",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105897"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "DSA-4348",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name": "USN-3840-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name": "https://www.tenable.com/security/tns-2018-16",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "RHSA-2019:0483",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"name": "RHSA-2019:0652",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"name": "RHSA-2019:0651",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:2125",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2125"
},
{
"name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-09-18T16:58Z",
"publishedDate": "2018-11-15T21:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…