csaf_suse - suse-su-2015:2230-1

suse-su-2015:2230-1

Vulnerability from csaf_suse

Published

2015-12-08 13:48

Modified

2015-12-08 13:48

Summary

Security update for openssl

Notes

Title of the patch

Security update for openssl

Description of the patch

This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed: - Improve S/390 performance on IBM z196 and z13 (bsc#954256)

Patchnames

SUSE-SLE-DESKTOP-12-SP1-2015-954,SUSE-SLE-SDK-12-SP1-2015-954,SUSE-SLE-SERVER-12-SP1-2015-954

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for openssl fixes the following issues: \n\nSecurity fixes:\n- CVE-2015-3194: The signature verification routines will crash with a\n  NULL pointer dereference if presented with an ASN.1 signature using the\n  RSA PSS algorithm and absent mask generation function parameter. Since\n  these routines are used to verify certificate signature algorithms\n  this can be used to crash any certificate verification operation and\n  exploited in a DoS attack. Any application which performs certificate\n  verification is vulnerable including OpenSSL clients and servers which\n  enable client authentication. (bsc#957815)\n- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak\n  memory. This structure is used by the PKCS#7 and CMS routines so any\n  application which reads PKCS#7 or CMS data from untrusted sources is affected.\n  SSL/TLS is not affected. (bsc#957812)\n- CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then\n  the values were wrongly updated in the parent SSL_CTX structure. This could\n  result in a race condition potentially leading to a double free of the\n  identify hint data.  (bsc#957813)\n\nNon security bugs fixed:\n- Improve S/390 performance on IBM z196 and z13 (bsc#954256)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2015-954,SUSE-SLE-SDK-12-SP1-2015-954,SUSE-SLE-SERVER-12-SP1-2015-954",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2230-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2015:2230-1",
        "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152230-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2015:2230-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001726.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 954256",
        "url": "https://bugzilla.suse.com/954256"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 957812",
        "url": "https://bugzilla.suse.com/957812"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 957813",
        "url": "https://bugzilla.suse.com/957813"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 957815",
        "url": "https://bugzilla.suse.com/957815"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3194 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3194/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3195 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3195/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3196 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3196/"
      }
    ],
    "title": "Security update for openssl",
    "tracking": {
      "current_release_date": "2015-12-08T13:48:40Z",
      "generator": {
        "date": "2015-12-08T13:48:40Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2015:2230-1",
      "initial_release_date": "2015-12-08T13:48:40Z",
      "revision_history": [
        {
          "date": "2015-12-08T13:48:40Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-doc-1.0.1i-36.1.noarch",
                "product": {
                  "name": "openssl-doc-1.0.1i-36.1.noarch",
                  "product_id": "openssl-doc-1.0.1i-36.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-devel-1.0.1i-36.1.ppc64le",
                "product": {
                  "name": "libopenssl-devel-1.0.1i-36.1.ppc64le",
                  "product_id": "libopenssl-devel-1.0.1i-36.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-1.0.1i-36.1.ppc64le",
                "product": {
                  "name": "libopenssl1_0_0-1.0.1i-36.1.ppc64le",
                  "product_id": "libopenssl1_0_0-1.0.1i-36.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
                "product": {
                  "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
                  "product_id": "libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1.0.1i-36.1.ppc64le",
                "product": {
                  "name": "openssl-1.0.1i-36.1.ppc64le",
                  "product_id": "openssl-1.0.1i-36.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-devel-1.0.1i-36.1.s390x",
                "product": {
                  "name": "libopenssl-devel-1.0.1i-36.1.s390x",
                  "product_id": "libopenssl-devel-1.0.1i-36.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-1.0.1i-36.1.s390x",
                "product": {
                  "name": "libopenssl1_0_0-1.0.1i-36.1.s390x",
                  "product_id": "libopenssl1_0_0-1.0.1i-36.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
                "product": {
                  "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
                  "product_id": "libopenssl1_0_0-32bit-1.0.1i-36.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
                "product": {
                  "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
                  "product_id": "libopenssl1_0_0-hmac-1.0.1i-36.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
                "product": {
                  "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
                  "product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1.0.1i-36.1.s390x",
                "product": {
                  "name": "openssl-1.0.1i-36.1.s390x",
                  "product_id": "openssl-1.0.1i-36.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-1.0.1i-36.1.x86_64",
                "product": {
                  "name": "libopenssl1_0_0-1.0.1i-36.1.x86_64",
                  "product_id": "libopenssl1_0_0-1.0.1i-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
                "product": {
                  "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
                  "product_id": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1.0.1i-36.1.x86_64",
                "product": {
                  "name": "openssl-1.0.1i-36.1.x86_64",
                  "product_id": "openssl-1.0.1i-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-devel-1.0.1i-36.1.x86_64",
                "product": {
                  "name": "libopenssl-devel-1.0.1i-36.1.x86_64",
                  "product_id": "libopenssl-devel-1.0.1i-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
                "product": {
                  "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
                  "product_id": "libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
                "product": {
                  "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
                  "product_id": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64"
        },
        "product_reference": "openssl-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-devel-1.0.1i-36.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le"
        },
        "product_reference": "libopenssl-devel-1.0.1i-36.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-devel-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl-devel-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-devel-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl-devel-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-1.0.1i-36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le"
        },
        "product_reference": "libopenssl1_0_0-1.0.1i-36.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le"
        },
        "product_reference": "libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.0.1i-36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le"
        },
        "product_reference": "openssl-1.0.1i-36.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x"
        },
        "product_reference": "openssl-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64"
        },
        "product_reference": "openssl-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-doc-1.0.1i-36.1.noarch as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch"
        },
        "product_reference": "openssl-doc-1.0.1i-36.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-1.0.1i-36.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le"
        },
        "product_reference": "libopenssl1_0_0-1.0.1i-36.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le"
        },
        "product_reference": "libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x"
        },
        "product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64"
        },
        "product_reference": "libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.0.1i-36.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le"
        },
        "product_reference": "openssl-1.0.1i-36.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.0.1i-36.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x"
        },
        "product_reference": "openssl-1.0.1i-36.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.0.1i-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64"
        },
        "product_reference": "openssl-1.0.1i-36.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-doc-1.0.1i-36.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch"
        },
        "product_reference": "openssl-doc-1.0.1i-36.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-3194",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3194"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3194",
          "url": "https://www.suse.com/security/cve/CVE-2015-3194"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957812 for CVE-2015-3194",
          "url": "https://bugzilla.suse.com/957812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957815 for CVE-2015-3194",
          "url": "https://bugzilla.suse.com/957815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958768 for CVE-2015-3194",
          "url": "https://bugzilla.suse.com/958768"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 976341 for CVE-2015-3194",
          "url": "https://bugzilla.suse.com/976341"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990370 for CVE-2015-3194",
          "url": "https://bugzilla.suse.com/990370"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-08T13:48:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3194"
    },
    {
      "cve": "CVE-2015-3195",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3195"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3195",
          "url": "https://www.suse.com/security/cve/CVE-2015-3195"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 923755 for CVE-2015-3195",
          "url": "https://bugzilla.suse.com/923755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957812 for CVE-2015-3195",
          "url": "https://bugzilla.suse.com/957812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957815 for CVE-2015-3195",
          "url": "https://bugzilla.suse.com/957815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 958768 for CVE-2015-3195",
          "url": "https://bugzilla.suse.com/958768"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963977 for CVE-2015-3195",
          "url": "https://bugzilla.suse.com/963977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986238 for CVE-2015-3195",
          "url": "https://bugzilla.suse.com/986238"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-08T13:48:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3195"
    },
    {
      "cve": "CVE-2015-3196",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3196"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3196",
          "url": "https://www.suse.com/security/cve/CVE-2015-3196"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957813 for CVE-2015-3196",
          "url": "https://bugzilla.suse.com/957813"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-36.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-36.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libopenssl-devel-1.0.1i-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-12-08T13:48:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3196"
    }
  ]
}

CVE-2015-3195 (GCVE-0-2015-3195)

Vulnerability from cvelistv5

Published

2015-12-06 00:00

Modified

2024-08-06 05:39

Severity ?

CWE

Summary

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

References

►

URL

Tags

	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	https://support.apple.com/HT206167
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-2617.html	vendor-advisory
	http://www.fortiguard.com/advisory/openssl-advisory-december-2015
	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
	http://www.securityfocus.com/bid/78626	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2015-2616.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
	http://marc.info/?l=bugtraq&m=145382583417444&w=2	vendor-advisory
	http://www.ubuntu.com/usn/USN-2830-1	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
	http://openssl.org/news/secadv/20151203.txt
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://www.securitytracker.com/id/1034294	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
	http://fortiguard.com/advisory/openssl-advisory-december-2015
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
	http://www.debian.org/security/2015/dsa-3413	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html	vendor-advisory
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206167"
          },
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
          },
          {
            "name": "openSUSE-SU-2015:2288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
          },
          {
            "name": "RHSA-2015:2617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
          },
          {
            "name": "78626",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78626"
          },
          {
            "name": "RHSA-2015:2616",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2616.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "HPSBGN03536",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "name": "openSUSE-SU-2015:2289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
          },
          {
            "name": "FEDORA-2015-d87d60b9a9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "name": "DSA-3413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3413"
          },
          {
            "name": "openSUSE-SU-2015:2318",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "openSUSE-SU-2015:2349",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "APPLE-SA-2016-03-21-5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "https://support.apple.com/HT206167"
        },
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
        },
        {
          "name": "openSUSE-SU-2015:2288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
        },
        {
          "name": "RHSA-2015:2617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
        },
        {
          "name": "78626",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/78626"
        },
        {
          "name": "RHSA-2015:2616",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2616.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "HPSBGN03536",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "name": "openSUSE-SU-2015:2289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
        },
        {
          "name": "FEDORA-2015-d87d60b9a9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "name": "DSA-3413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3413"
        },
        {
          "name": "openSUSE-SU-2015:2318",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "openSUSE-SU-2015:2349",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3195",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3196 (GCVE-0-2015-3196)

Vulnerability from cvelistv5

Published

2015-12-06 00:00

Modified

2024-08-06 05:39

Severity ?

CWE

Summary

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

References

►

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
	http://rhn.redhat.com/errata/RHSA-2015-2617.html	vendor-advisory
	http://www.fortiguard.com/advisory/openssl-advisory-december-2015
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583	vendor-advisory
	http://www.securityfocus.com/bid/78622	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
	http://marc.info/?l=bugtraq&m=145382583417444&w=2	vendor-advisory
	http://www.ubuntu.com/usn/USN-2830-1	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
	http://openssl.org/news/secadv/20151203.txt
	http://www.securitytracker.com/id/1034294	vdb-entry
	http://fortiguard.com/advisory/openssl-advisory-december-2015
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
	http://www.debian.org/security/2015/dsa-3413	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
          },
          {
            "name": "openSUSE-SU-2015:2288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
          },
          {
            "name": "RHSA-2015:2617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "name": "78622",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78622"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "HPSBGN03536",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "name": "openSUSE-SU-2015:2289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
          },
          {
            "name": "FEDORA-2015-d87d60b9a9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "name": "DSA-3413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
        },
        {
          "name": "openSUSE-SU-2015:2288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
        },
        {
          "name": "RHSA-2015:2617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "name": "78622",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/78622"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "HPSBGN03536",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "name": "openSUSE-SU-2015:2289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
        },
        {
          "name": "FEDORA-2015-d87d60b9a9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "name": "DSA-3413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3413"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3196",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3194 (GCVE-0-2015-3194)

Vulnerability from cvelistv5

Published

2015-12-06 00:00

Modified

2024-08-06 05:39

Severity ?

CWE

Summary

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

References

►

URL

Tags

	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
	http://www.securityfocus.com/bid/78623	vdb-entry
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-2617.html	vendor-advisory
	http://www.fortiguard.com/advisory/openssl-advisory-december-2015
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
	https://bugzilla.redhat.com/show_bug.cgi?id=1288320
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
	http://marc.info/?l=bugtraq&m=145382583417444&w=2	vendor-advisory
	http://www.ubuntu.com/usn/USN-2830-1	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
	http://openssl.org/news/secadv/20151203.txt
	http://www.securitytracker.com/id/1034294	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html	vendor-advisory
	http://fortiguard.com/advisory/openssl-advisory-december-2015
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
	http://www.debian.org/security/2015/dsa-3413	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
          },
          {
            "name": "78623",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78623"
          },
          {
            "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e"
          },
          {
            "name": "openSUSE-SU-2016:1332",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2015:2288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
          },
          {
            "name": "RHSA-2015:2617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "SSA:2015-349-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "HPSBGN03536",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
          },
          {
            "name": "USN-2830-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2830-1"
          },
          {
            "name": "openSUSE-SU-2015:2289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
          },
          {
            "name": "FEDORA-2015-d87d60b9a9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "name": "1034294",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
          },
          {
            "name": "DSA-3413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3413"
          },
          {
            "name": "openSUSE-SU-2015:2318",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
        },
        {
          "name": "78623",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/78623"
        },
        {
          "name": "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e"
        },
        {
          "name": "openSUSE-SU-2016:1332",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2015:2288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
        },
        {
          "name": "RHSA-2015:2617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2617.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "SSA:2015-349-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "HPSBGN03536",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
        },
        {
          "name": "USN-2830-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2830-1"
        },
        {
          "name": "openSUSE-SU-2015:2289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
        },
        {
          "name": "FEDORA-2015-d87d60b9a9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20151203.txt"
        },
        {
          "name": "1034294",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034294"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322"
        },
        {
          "name": "DSA-3413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3413"
        },
        {
          "name": "openSUSE-SU-2015:2318",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3194",
    "datePublished": "2015-12-06T00:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2015:2230-1

Vulnerability from csaf_suse

CVE-2015-3195 (GCVE-0-2015-3195)

Vulnerability from cvelistv5

CVE-2015-3196 (GCVE-0-2015-3196)

Vulnerability from cvelistv5

CVE-2015-3194 (GCVE-0-2015-3194)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature