csaf_suse - suse-su-2016:0344-1

suse-su-2016:0344-1

Vulnerability from csaf_suse

Published

2016-02-05 09:11

Modified

2016-02-05 09:11

Summary

Security update for socat

Notes

Title of the patch

Security update for socat

Description of the patch

This update for socat fixed the following issues: - bsc#964844: Fixed security advisory 8, Stack overflow in parser, http://www.openwall.com/lists/oss-security/2016/02/01/5. - bsc#938913: Improved resilience against Logjam attacks (CVE-2015-4000) by increasing the size of the default DH group from 512 to 2048 bit. This change avoids the non-prime 1024 bit DH p parameter in OpenSSL http://www.dest-unreach.org/socat/contrib/socat-secadv7.html.

Patchnames

SUSE-SLE-DESKTOP-12-2016-209,SUSE-SLE-DESKTOP-12-SP1-2016-209,SUSE-SLE-SERVER-12-2016-209,SUSE-SLE-SERVER-12-SP1-2016-209

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for socat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for socat fixed the following issues:\n\n- bsc#964844: Fixed security advisory 8, Stack overflow in parser, http://www.openwall.com/lists/oss-security/2016/02/01/5.\n- bsc#938913: Improved resilience against Logjam attacks (CVE-2015-4000) by increasing the size of the default DH group from 512 to 2048 bit. This change avoids the non-prime 1024 bit DH p parameter in OpenSSL http://www.dest-unreach.org/socat/contrib/socat-secadv7.html.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-2016-209,SUSE-SLE-DESKTOP-12-SP1-2016-209,SUSE-SLE-SERVER-12-2016-209,SUSE-SLE-SERVER-12-SP1-2016-209",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0344-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:0344-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160344-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:0344-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-February/001851.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 938913",
        "url": "https://bugzilla.suse.com/938913"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 964844",
        "url": "https://bugzilla.suse.com/964844"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-4000 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-4000/"
      }
    ],
    "title": "Security update for socat",
    "tracking": {
      "current_release_date": "2016-02-05T09:11:54Z",
      "generator": {
        "date": "2016-02-05T09:11:54Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:0344-1",
      "initial_release_date": "2016-02-05T09:11:54Z",
      "revision_history": [
        {
          "date": "2016-02-05T09:11:54Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "socat-1.7.2.4-3.1.ppc64le",
                "product": {
                  "name": "socat-1.7.2.4-3.1.ppc64le",
                  "product_id": "socat-1.7.2.4-3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "socat-1.7.2.4-3.1.s390x",
                "product": {
                  "name": "socat-1.7.2.4-3.1.s390x",
                  "product_id": "socat-1.7.2.4-3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "socat-1.7.2.4-3.1.x86_64",
                "product": {
                  "name": "socat-1.7.2.4-3.1.x86_64",
                  "product_id": "socat-1.7.2.4-3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12",
                  "product_id": "SUSE Linux Enterprise Desktop 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12",
                  "product_id": "SUSE Linux Enterprise Server 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:socat-1.7.2.4-3.1.x86_64"
        },
        "product_reference": "socat-1.7.2.4-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:socat-1.7.2.4-3.1.x86_64"
        },
        "product_reference": "socat-1.7.2.4-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.ppc64le"
        },
        "product_reference": "socat-1.7.2.4-3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.s390x"
        },
        "product_reference": "socat-1.7.2.4-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.x86_64"
        },
        "product_reference": "socat-1.7.2.4-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.ppc64le"
        },
        "product_reference": "socat-1.7.2.4-3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.s390x"
        },
        "product_reference": "socat-1.7.2.4-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.x86_64"
        },
        "product_reference": "socat-1.7.2.4-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.ppc64le"
        },
        "product_reference": "socat-1.7.2.4-3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.s390x"
        },
        "product_reference": "socat-1.7.2.4-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.x86_64"
        },
        "product_reference": "socat-1.7.2.4-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.ppc64le"
        },
        "product_reference": "socat-1.7.2.4-3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.s390x"
        },
        "product_reference": "socat-1.7.2.4-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "socat-1.7.2.4-3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.x86_64"
        },
        "product_reference": "socat-1.7.2.4-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-4000",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-4000"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:socat-1.7.2.4-3.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:socat-1.7.2.4-3.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.x86_64",
          "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.ppc64le",
          "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.s390x",
          "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-4000",
          "url": "https://www.suse.com/security/cve/CVE-2015-4000"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074631 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/1074631"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211968 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/1211968"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931600 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/931600"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931698 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/931698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931723 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/931723"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931845 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/931845"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 932026 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/932026"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 932483 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/932483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 934789 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/934789"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 935033 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/935033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 935540 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/935540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 935979 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/935979"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 937202 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/937202"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 937766 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/937766"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 938248 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/938248"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 938432 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/938432"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 938895 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/938895"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 938905 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/938905"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 938906 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/938906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 938913 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/938913"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 938945 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/938945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 943664 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/943664"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 944729 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/944729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945582 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/945582"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 955589 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/955589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980406 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/980406"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990592 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/990592"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 994144 for CVE-2015-4000",
          "url": "https://bugzilla.suse.com/994144"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server 12:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:socat-1.7.2.4-3.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:socat-1.7.2.4-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-02-05T09:11:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-4000"
    }
  ]
}

CVE-2015-4000 (GCVE-0-2015-4000)

Vulnerability from cvelistv5

Published

2015-05-21 00:00

Modified

2024-08-06 06:04

Severity ?

CWE

Summary

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143880121627664&w=2	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1243.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html	vendor-advisory
	http://www.securitytracker.com/id/1033208	vdb-entry
	http://www.securitytracker.com/id/1032637	vdb-entry
	http://marc.info/?l=bugtraq&m=144050121701297&w=2	vendor-advisory
	http://www.debian.org/security/2016/dsa-3688	vendor-advisory
	http://www.debian.org/security/2015/dsa-3287	vendor-advisory
	http://marc.info/?l=bugtraq&m=144493176821532&w=2	vendor-advisory
	http://www.securitytracker.com/id/1032865	vdb-entry
	http://marc.info/?l=bugtraq&m=143557934009303&w=2	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html	vendor-advisory
	http://www.securitytracker.com/id/1034728	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html	vendor-advisory
	http://www.securitytracker.com/id/1032656	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://openwall.com/lists/oss-security/2015/05/20/8	mailing-list
	http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143628304012255&w=2	vendor-advisory
	http://marc.info/?l=bugtraq&m=144060576831314&w=2	vendor-advisory
	http://www.securitytracker.com/id/1032475	vdb-entry
	http://www.securitytracker.com/id/1032960	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html	vendor-advisory
	http://www.securitytracker.com/id/1032653	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html	vendor-advisory
	http://www.securitytracker.com/id/1033385	vdb-entry
	https://security.gentoo.org/glsa/201512-10	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1229.html	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html	vendor-advisory
	http://www.securitytracker.com/id/1032864	vdb-entry
	http://www.securitytracker.com/id/1032910	vdb-entry
	http://www.securitytracker.com/id/1032645	vdb-entry
	http://www.ubuntu.com/usn/USN-2706-1	vendor-advisory
	https://security.gentoo.org/glsa/201701-46	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1526.html	vendor-advisory
	http://www.securitytracker.com/id/1033760	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2015-1485.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1197.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=144104533800819&w=2	vendor-advisory
	http://www.securitytracker.com/id/1032699	vdb-entry
	http://www.securitytracker.com/id/1032476	vdb-entry
	http://www.securitytracker.com/id/1032649	vdb-entry
	http://marc.info/?l=bugtraq&m=144043644216842&w=2	vendor-advisory
	http://marc.info/?l=bugtraq&m=143637549705650&w=2	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1544.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html	vendor-advisory
	https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196	vendor-advisory
	http://www.securitytracker.com/id/1032688	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html	vendor-advisory
	http://www.securitytracker.com/id/1032652	vdb-entry
	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1185.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143558092609708&w=2	vendor-advisory
	http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=144069189622016&w=2	vendor-advisory
	http://www.securitytracker.com/id/1032648	vdb-entry
	http://www.securitytracker.com/id/1032759	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2015-1228.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=144060606031437&w=2	vendor-advisory
	http://www.debian.org/security/2015/dsa-3316	vendor-advisory
	http://www.securitytracker.com/id/1033209	vdb-entry
	http://www.securitytracker.com/id/1032871	vdb-entry
	http://www.debian.org/security/2015/dsa-3324	vendor-advisory
	http://www.securitytracker.com/id/1032655	vdb-entry
	http://www.securitytracker.com/id/1033210	vdb-entry
	http://marc.info/?l=bugtraq&m=144061542602287&w=2	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=145409266329539&w=2	vendor-advisory
	http://www.ubuntu.com/usn/USN-2673-1	vendor-advisory
	http://www.securitytracker.com/id/1034884	vdb-entry
	http://marc.info/?l=bugtraq&m=143506486712441&w=2	vendor-advisory
	https://security.gentoo.org/glsa/201603-11	vendor-advisory
	http://www.securitytracker.com/id/1033064	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html	vendor-advisory
	http://www.securitytracker.com/id/1032778	vdb-entry
	http://www.securitytracker.com/id/1032474	vdb-entry
	http://marc.info/?l=bugtraq&m=144493176821532&w=2	vendor-advisory
	http://marc.info/?l=bugtraq&m=144102017024820&w=2	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html	vendor-advisory
	http://www.securitytracker.com/id/1032784	vdb-entry
	http://www.securitytracker.com/id/1032777	vdb-entry
	http://www.securitytracker.com/id/1033416	vdb-entry
	http://www.securitytracker.com/id/1033991	vdb-entry
	http://www.securitytracker.com/id/1032647	vdb-entry
	http://www.securitytracker.com/id/1032654	vdb-entry
	http://www.securitytracker.com/id/1033341	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2015-1486.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html	vendor-advisory
	http://www.securitytracker.com/id/1033433	vdb-entry
	http://www.ubuntu.com/usn/USN-2696-1	vendor-advisory
	http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html	vendor-advisory
	http://www.securitytracker.com/id/1032702	vdb-entry
	http://www.debian.org/security/2015/dsa-3339	vendor-advisory
	http://www.securitytracker.com/id/1032727	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2015-1242.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html	vendor-advisory
	https://security.gentoo.org/glsa/201506-02	vendor-advisory
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1624.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1488.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html	vendor-advisory
	http://www.securitytracker.com/id/1033430	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1241.html	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143880121627664&w=2	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1230.html	vendor-advisory
	http://www.securityfocus.com/bid/74733	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html	vendor-advisory
	http://www.securitytracker.com/id/1032651	vdb-entry
	http://www.securitytracker.com/id/1033065	vdb-entry
	http://www.ubuntu.com/usn/USN-2656-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html	vendor-advisory
	http://www.securitytracker.com/id/1033222	vdb-entry
	http://www.securitytracker.com/id/1036218	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143655800220052&w=2	vendor-advisory
	http://www.securitytracker.com/id/1040630	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html	vendor-advisory
	http://www.securitytracker.com/id/1034087	vdb-entry
	http://www.securitytracker.com/id/1033513	vdb-entry
	http://www.securitytracker.com/id/1032884	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2015-1604.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html	vendor-advisory
	http://www.securitytracker.com/id/1032932	vdb-entry
	http://www.securitytracker.com/id/1033891	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html	vendor-advisory
	http://www.securitytracker.com/id/1032783	vdb-entry
	http://www.securitytracker.com/id/1032856	vdb-entry
	http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc	vendor-advisory
	http://www.debian.org/security/2015/dsa-3300	vendor-advisory
	http://www.ubuntu.com/usn/USN-2656-2	vendor-advisory
	http://www.securitytracker.com/id/1033067	vdb-entry
	http://www.securitytracker.com/id/1033019	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2015-1072.html	vendor-advisory
	http://www.securitytracker.com/id/1032650	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://www.oracle.com/security-alerts/cpujan2021.html
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
	http://www-01.ibm.com/support/docview.wss?uid=swg21962739
	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10122
	http://support.apple.com/kb/HT204941
	http://www-304.ibm.com/support/docview.wss?uid=swg21962816
	http://www-01.ibm.com/support/docview.wss?uid=swg21959812
	https://www-304.ibm.com/support/docview.wss?uid=swg21959745
	https://weakdh.org/imperfect-forward-secrecy.pdf
	http://www-304.ibm.com/support/docview.wss?uid=swg21959132
	https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
	http://www-01.ibm.com/support/docview.wss?uid=swg21959539
	https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
	http://www-01.ibm.com/support/docview.wss?uid=swg21959325
	https://openssl.org/news/secadv/20150611.txt
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
	http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
	http://www-304.ibm.com/support/docview.wss?uid=swg21967893
	http://www-304.ibm.com/support/docview.wss?uid=swg21958984
	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
	http://www-01.ibm.com/support/docview.wss?uid=swg21959517
	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
	http://www-01.ibm.com/support/docview.wss?uid=swg21959195
	http://www-01.ibm.com/support/docview.wss?uid=swg21961717
	http://www-304.ibm.com/support/docview.wss?uid=swg21960041
	http://www-304.ibm.com/support/docview.wss?uid=swg21960194
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
	http://www-01.ibm.com/support/docview.wss?uid=swg21959453
	https://security.netapp.com/advisory/ntap-20150619-0001/
	http://www-01.ibm.com/support/docview.wss?uid=swg21959111
	http://www-304.ibm.com/support/docview.wss?uid=swg21960418
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
	https://www.suse.com/security/cve/CVE-2015-4000.html
	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
	http://support.citrix.com/article/CTX201114
	http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
	http://www-304.ibm.com/support/docview.wss?uid=swg21960380
	http://support.apple.com/kb/HT204942
	http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
	http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
	http://www-01.ibm.com/support/docview.wss?uid=swg21959530
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
	http://www-01.ibm.com/support/docview.wss?uid=swg21960191
	http://www-01.ibm.com/support/docview.wss?uid=swg21959636
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
	https://puppet.com/security/cve/CVE-2015-4000
	http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
	http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
	https://support.citrix.com/article/CTX216642
	https://weakdh.org/
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
	http://www-01.ibm.com/support/docview.wss?uid=swg21959481
	https://bto.bluecoat.com/security-advisory/sa98
	https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
	http://www-01.ibm.com/support/docview.wss?uid=swg21962455
	https://www.openssl.org/news/secadv_20150611.txt
	http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website