All errata/sisyphus/ALT-PU-2016-1058-1
ALT-PU-2016-1058-1

Package update openssl10 in branch sisyphus

Version1.0.2f-alt1
Task#156754
Published2016-01-28
Max severityMEDIUM
Severity:

Closed issues (4)

BDU:2016-00666
LOW2.6

Уязвимость библиотеки OpenSSL, позволяющая нарушителю получить закрытый ключ

Published: 2016-03-23Modified: 2021-03-23
CVSS 2.0LOW 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N
References
BDU:2016-00896
MEDIUM4.3

Уязвимость библиотеки OpenSSL, позволяющая нарушителю взломать криптографический механизм защиты

Published: 2016-04-14Modified: 2021-03-23
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
References
CVE-2015-3197
MEDIUM5.9

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Published: 2016-02-15Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References
CVE-2016-0701
LOW3.7

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Published: 2016-02-15Modified: 2025-04-12
CVSS 2.0LOW 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS 3.xLOW 3.7
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References