Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-6329 (GCVE-0-2016-6329)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:18.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sweet32.info/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { "name": "1036695", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036695" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { "name": "GLSA-201611-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201611-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://community.openvpn.net/openvpn/wiki/SWEET32" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { "name": "92631", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92631" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-09T12:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sweet32.info/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { "name": "1036695", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036695" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { "name": "GLSA-201611-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201611-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://community.openvpn.net/openvpn/wiki/SWEET32" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { "name": "92631", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92631" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6329", "datePublished": "2017-01-31T22:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:18.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-6329\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-01-31T22:59:00.377\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \\\"Sweet32\\\" attack.\"},{\"lang\":\"es\",\"value\":\"OpenVPN, cuando utiliza un cifrado de bloques de 64 bits, facilita a atacantes remotos obtener datos de texto plano a trav\u00e9s de un ataque birthday contra una sesi\u00f3n encriptada de larga duraci\u00f3n, como lo demuestra una sesi\u00f3n HTTP-over-OpenVPN usando Blowfish en modo CBC, tambi\u00e9n conocido como ataque \\\"Sweet32\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.14\",\"matchCriteriaId\":\"2B92389B-7815-40EC-AA21-14154621BFAC\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21991482\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21995039\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92631\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036695\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://community.openvpn.net/openvpn/wiki/SWEET32\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201611-02\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sweet32.info/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21991482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21995039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036695\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://community.openvpn.net/openvpn/wiki/SWEET32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201611-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sweet32.info/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}" } }
CERTFR-2019-AVI-311
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneVendor | Product | Description | ||
---|---|---|---|---|
Siemens | N/A | SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions antérieures à V7.90 | ||
Siemens | N/A | Spectrum Power 3, 4, 5 et 7 | ||
Siemens | N/A | SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Upd 11 | ||
Siemens | N/A | RAPIDPoint 500 | ||
Siemens | N/A | SIMATIC IPC627E avec un BIOS d'une version antérieure à V25.02.04 | ||
Siemens | N/A | SIMATIC PCS 7 V8.2 avec WinCC versions antérieures à V7.4 SP1 Upd 11 | ||
Siemens | N/A | SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions antérieures à VC12M sans le correctif AX037/19/P | ||
Siemens | N/A | Sensis SIS Server Machine, Mat. Nr. 06648153: versions antérieures à VC11D, VC12M, VD11B sans le correctif AX037/19/P | ||
Siemens | N/A | SIMATIC RF68XR versions antérieures à V3.2.1 | ||
Siemens | N/A | SIMATIC IPC427E avec un BIOS d'une version antérieure à V21.01.11 | ||
Siemens | N/A | SIMATIC IPC647E avec un BIOS d'une version antérieure à V25.02.04 | ||
Siemens | N/A | TIA Administrator versions antérieures à V1.0 SP1 Upd1 | ||
Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd 3 | ||
Siemens | N/A | SIMATIC IPC847E avec un BIOS d'une version antérieure à V25.02.04 | ||
Siemens | N/A | SIMATIC IPC677E avec un BIOS d'une version antérieure à V25.02.04 | ||
Siemens | N/A | SIMATIC RF615R versions antérieures à V3.2.1 | ||
Siemens | N/A | SIMATIC IPC477E Pro avec un BIOS d'une version antérieure à V21.01.11 | ||
Siemens | N/A | Sensis High End SIS Server, Mat. Nr. 10140973: versions antérieures à VC11D, VC12M sans le correctif AX037/19/P | ||
Siemens | N/A | SIMATIC IPC477E avec un BIOS d'une version antérieure à V21.01.11 | ||
Siemens | N/A | DIGSI 5 versions antérieures à V7.90 | ||
Siemens | N/A | SIMATIC PCS 7 V9.0 avec WinCC versions antérieures à V7.4 SP1 Upd 11 | ||
Siemens | N/A | VM SIS Virtual Server, Mat. Nr. 10765502: versions antérieures à VC12M sans le correctif AX037/19/P |
Title | Publication Time | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions ant\u00e9rieures \u00e0 V7.90", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "Spectrum Power 3, 4, 5 et 7", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "RAPIDPoint 500", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC IPC627E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC PCS 7 V8.2 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "Sensis SIS Server Machine, Mat. Nr. 06648153: versions ant\u00e9rieures \u00e0 VC11D, VC12M, VD11B sans le correctif AX037/19/P", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC RF68XR versions ant\u00e9rieures \u00e0 V3.2.1", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC IPC427E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC IPC647E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "TIA Administrator versions ant\u00e9rieures \u00e0 V1.0 SP1 Upd1", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd 3", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC IPC847E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC IPC677E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC RF615R versions ant\u00e9rieures \u00e0 V3.2.1", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC IPC477E Pro avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "Sensis High End SIS Server, Mat. Nr. 10140973: versions ant\u00e9rieures \u00e0 VC11D, VC12M sans le correctif AX037/19/P", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC IPC477E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "DIGSI 5 versions ant\u00e9rieures \u00e0 V7.90", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "SIMATIC PCS 7 V9.0 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } }, { "description": "VM SIS Virtual Server, Mat. Nr. 10765502: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P", "product": { "name": "N/A", "vendor": { "name": "Siemens", "scada": true } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-11091", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091" }, { "name": "CVE-2016-6329", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6329" }, { "name": "CVE-2018-12127", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127" }, { "name": "CVE-2018-12130", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130" }, { "name": "CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "name": "CVE-2019-10930", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10930" }, { "name": "CVE-2019-10915", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10915" }, { "name": "CVE-2019-10931", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10931" }, { "name": "CVE-2019-10935", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10935" }, { "name": "CVE-2018-12126", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126" }, { "name": "CVE-2019-10933", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10933" }, { "name": "CVE-2019-0708", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0708" }, { "name": "CVE-2011-3389", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389" } ], "initial_release_date": "2019-07-09T00:00:00", "last_revision_date": "2019-07-09T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-311", "revisions": [ { "description": "Version initiale", "revision_date": "2019-07-09T00:00:00.000000" } ], "risks": [ { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166360 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616199 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-121293 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-721298 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616472 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-747162 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-899560 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-556833 du 09 juillet 2019", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" } ] }
gsd-2016-6329
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2016-6329", "description": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.", "id": "GSD-2016-6329", "references": [ "https://www.suse.com/security/cve/CVE-2016-6329.html", "https://ubuntu.com/security/CVE-2016-6329", "https://advisories.mageia.org/CVE-2016-6329.html", "https://alas.aws.amazon.com/cve/html/CVE-2016-6329.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-6329" ], "details": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.", "id": "GSD-2016-6329", "modified": "2023-12-13T01:21:23.561850Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sweet32.info/", "refsource": "MISC", "url": "https://sweet32.info/" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", "refsource": "MISC", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { "name": "http://www.securityfocus.com/bid/92631", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/92631" }, { "name": "http://www.securitytracker.com/id/1036695", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1036695" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" }, { "name": "https://community.openvpn.net/openvpn/wiki/SWEET32", "refsource": "MISC", "url": "https://community.openvpn.net/openvpn/wiki/SWEET32" }, { "name": "https://security.gentoo.org/glsa/201611-02", "refsource": "MISC", "url": "https://security.gentoo.org/glsa/201611-02" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.3.14", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6329" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-310" }, { "lang": "en", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "https://sweet32.info/", "refsource": "MISC", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://sweet32.info/" }, { "name": "GLSA-201611-02", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-02" }, { "name": "https://community.openvpn.net/openvpn/wiki/SWEET32", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/SWEET32" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", "refsource": "CONFIRM", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { "name": "1036695", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036695" }, { "name": "92631", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92631" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "refsource": "CONFIRM", "tags": [], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } }, "lastModifiedDate": "2019-07-09T13:15Z", "publishedDate": "2017-01-31T22:59Z" } } }
cnvd-2016-06784
Vulnerability from cnvd
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: http://openvpn.net/
Name | OpenVPN Openvpn |
---|
{ "bids": { "bid": { "bidNumber": "92631" } }, "cves": { "cve": { "cveNumber": "CVE-2016-6329" } }, "description": "OpenVPN\u662f\u7f8e\u56fdOpenVPN\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u521b\u5efa\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u52a0\u5bc6\u901a\u9053\u7684\u8f6f\u4ef6\u5305\uff0c\u5b83\u4f7f\u7528OpenSSL\u5e93\u6765\u52a0\u5bc6\u6570\u636e\u4e0e\u63a7\u5236\u4fe1\u606f\uff0c\u5e76\u5141\u8bb8\u521b\u5efa\u7684VPN\u4f7f\u7528\u516c\u5f00\u5bc6\u94a5\u3001\u7535\u5b50\u8bc1\u4e66\u3001\u6216\u8005\u7528\u6237\u540d/\u5bc6\u7801\u6765\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\r\n\r\nOpenVPN\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002", "discovererName": "Karthik Bhargavan and Gaetan Leurent from Inria.", "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a \r\nhttp://openvpn.net/", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2016-06784", "openTime": "2016-08-27", "products": { "product": "OpenVPN Openvpn" }, "referenceLink": "http://www.securityfocus.com/bid/92631", "serverity": "\u4e2d", "submitTime": "2016-08-26", "title": "OpenVPN\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e" }
ICSA-19-192-04
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Wendy Parrington" ], "organization": "United Utilities", "summary": "coordinating disclosure" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp" } }, "lang": "en-US", "notes": [ { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "other", "text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s TXT advisory.", "title": "Advisory Conversion Disclaimer" }, { "category": "other", "text": "Multiple", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens\u0027 operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.", "title": "General Recommendations" }, { "category": "general", "text": "Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions containedin Siemens\u0027 underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter \"License Terms\"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website(https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" } ], "publisher": { "category": "coordinator", "contact_details": "central@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "SSA-556833: TLS Vulnerabilities in SIMATIC RF6XXR", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt" }, { "category": "self", "summary": "ICS Advisory ICSA-19-192-04 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/OT/white/2019/icsa-19-192-04.json" }, { "category": "self", "summary": "ICSA Advisory ICSA-19-192-04 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-192-04" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "ICSA-19-192-04 Siemens SIMATIC RF6XXR", "tracking": { "current_release_date": "2019-07-09T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-19-192-04", "initial_release_date": "2019-07-09T00:00:00.000000Z", "revision_history": [ { "date": "2019-07-09T00:00:00.000000Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003cV3.2.1", "product": { "name": "SIMATIC RF615R", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SIMATIC RF615R" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.2.1", "product": { "name": "SIMATIC RF68XR", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SIMATIC RF68XR" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3389", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses e.g. the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API, aka a \"BEAST\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "mitigation", "details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2016-6329", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "notes": [ { "category": "summary", "text": "TLS, when used with a 64-bit block cipher, could allow remote attackers to obtain cleartext data by leveraging a birthday attack against a long-duration encrypted session, aka a \"Sweet32\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6329" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "mitigation", "details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2013-0169", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "notes": [ { "category": "summary", "text": "TLS and DTLS versions 1.1 and 1.2, as used in the affected product, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "mitigation", "details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }
icsa-19-192-04
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Wendy Parrington" ], "organization": "United Utilities", "summary": "coordinating disclosure" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp" } }, "lang": "en-US", "notes": [ { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "other", "text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s TXT advisory.", "title": "Advisory Conversion Disclaimer" }, { "category": "other", "text": "Multiple", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protectnetwork access to devices with appropriate mechanisms. In order tooperate the devices in a protected IT environment, Siemens recommends toconfigure the environment according to Siemens\u0027 operational guidelinesfor Industrial Security (Download:https://www.siemens.com/cert/operational-guidelines-industrial-security),and to follow the recommendations in the product manuals.", "title": "General Recommendations" }, { "category": "general", "text": "Additional information on Industrial Security by Siemens can be foundat: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions containedin Siemens\u0027 underlying license terms or other applicable agreements previouslyagreed to with Siemens (hereinafter \"License Terms\"). To the extent applicableto information, software or documentation made available in or through aSiemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website(https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), inparticular Sections 8-10 of the Terms of Use, shall apply additionally. In caseof conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" } ], "publisher": { "category": "coordinator", "contact_details": "central@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "SSA-556833: TLS Vulnerabilities in SIMATIC RF6XXR", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt" }, { "category": "self", "summary": "ICS Advisory ICSA-19-192-04 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/OT/white/2019/icsa-19-192-04.json" }, { "category": "self", "summary": "ICSA Advisory ICSA-19-192-04 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-192-04" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "ICSA-19-192-04 Siemens SIMATIC RF6XXR", "tracking": { "current_release_date": "2019-07-09T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-19-192-04", "initial_release_date": "2019-07-09T00:00:00.000000Z", "revision_history": [ { "date": "2019-07-09T00:00:00.000000Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003cV3.2.1", "product": { "name": "SIMATIC RF615R", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SIMATIC RF615R" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.2.1", "product": { "name": "SIMATIC RF68XR", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SIMATIC RF68XR" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-3389", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses e.g. the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API, aka a \"BEAST\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "mitigation", "details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2016-6329", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "notes": [ { "category": "summary", "text": "TLS, when used with a 64-bit block cipher, could allow remote attackers to obtain cleartext data by leveraging a birthday attack against a long-duration encrypted session, aka a \"Sweet32\" attack. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6329" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "mitigation", "details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2013-0169", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "notes": [ { "category": "summary", "text": "TLS and DTLS versions 1.1 and 1.2, as used in the affected product, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality of the device.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "vendor_fix", "details": "Update to V3.2.1 - Download: https://support.industry.siemens.com/cs/ww/en/view/109768501", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109768501" }, { "category": "mitigation", "details": "Siemens has identified the following specific workarounds and mitigations thatcustomers can apply to reduce the risk: Restrict network access to the device to the extent possible", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }
fkie_cve-2016-6329
Vulnerability from fkie_nvd
URL | Tags | ||
---|---|---|---|
secalert@redhat.com | http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 | Permissions Required, Third Party Advisory | |
secalert@redhat.com | http://www-01.ibm.com/support/docview.wss?uid=swg21991482 | Third Party Advisory | |
secalert@redhat.com | http://www-01.ibm.com/support/docview.wss?uid=swg21995039 | Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/92631 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.securitytracker.com/id/1036695 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf | ||
secalert@redhat.com | https://community.openvpn.net/openvpn/wiki/SWEET32 | Vendor Advisory | |
secalert@redhat.com | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403 | Third Party Advisory | |
secalert@redhat.com | https://security.gentoo.org/glsa/201611-02 | Third Party Advisory | |
secalert@redhat.com | https://sweet32.info/ | Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21991482 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21995039 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92631 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036695 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | https://community.openvpn.net/openvpn/wiki/SWEET32 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201611-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sweet32.info/ | Technical Description, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B92389B-7815-40EC-AA21-14154621BFAC", "versionEndIncluding": "2.3.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack." }, { "lang": "es", "value": "OpenVPN, cuando utiliza un cifrado de bloques de 64 bits, facilita a atacantes remotos obtener datos de texto plano a trav\u00e9s de un ataque birthday contra una sesi\u00f3n encriptada de larga duraci\u00f3n, como lo demuestra una sesi\u00f3n HTTP-over-OpenVPN usando Blowfish en modo CBC, tambi\u00e9n conocido como ataque \"Sweet32\"." } ], "id": "CVE-2016-6329", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-31T22:59:00.377", "references": [ { "source": "secalert@redhat.com", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92631" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036695" }, { "source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/SWEET32" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-02" }, { "source": "secalert@redhat.com", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://sweet32.info/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/SWEET32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://sweet32.info/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" }, { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-w6pr-cm6j-f384
Vulnerability from github
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
{ "affected": [], "aliases": [ "CVE-2016-6329" ], "database_specific": { "cwe_ids": [ "CWE-200" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-01-31T22:59:00Z", "severity": "MODERATE" }, "details": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.", "id": "GHSA-w6pr-cm6j-f384", "modified": "2025-04-20T03:32:04Z", "published": "2022-05-14T00:56:55Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6329" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" }, { "type": "WEB", "url": "https://community.openvpn.net/openvpn/wiki/SWEET32" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201611-02" }, { "type": "WEB", "url": "https://sweet32.info" }, { "type": "WEB", "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697" }, { "type": "WEB", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482" }, { "type": "WEB", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/92631" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1036695" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
suse-su-2017:2838-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openvpn", "title": "Title of the patch" }, { "category": "description", "text": "\n\nThis update for openvpn fixes the following security issues:\n\n- CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877).\n- CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374)\n- CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of Service of server via received large control packet. (bsc#1038709)\n- CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. (bsc#1038711)\n- Some other hardening fixes have also been applied (bsc#1038713)\n", "title": "Description of the patch" }, { "category": "details", "text": "sleposp3-openvpn-13322,slessp3-openvpn-13322,slessp4-openvpn-13322", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2838-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2017:2838-1", "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172838-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2017:2838-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003351.html" }, { "category": "self", "summary": "SUSE Bug 1038709", "url": "https://bugzilla.suse.com/1038709" }, { "category": "self", "summary": "SUSE Bug 1038711", "url": "https://bugzilla.suse.com/1038711" }, { "category": "self", "summary": "SUSE Bug 1038713", "url": "https://bugzilla.suse.com/1038713" }, { "category": "self", "summary": "SUSE Bug 1060877", "url": "https://bugzilla.suse.com/1060877" }, { "category": "self", "summary": "SUSE Bug 995374", "url": "https://bugzilla.suse.com/995374" }, { "category": "self", "summary": "SUSE CVE CVE-2016-6329 page", "url": "https://www.suse.com/security/cve/CVE-2016-6329/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-12166 page", "url": "https://www.suse.com/security/cve/CVE-2017-12166/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-7478 page", "url": "https://www.suse.com/security/cve/CVE-2017-7478/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-7479 page", "url": "https://www.suse.com/security/cve/CVE-2017-7479/" } ], "title": "Security update for openvpn", "tracking": { "current_release_date": "2017-10-24T09:59:40Z", "generator": { "date": "2017-10-24T09:59:40Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2017:2838-1", "initial_release_date": "2017-10-24T09:59:40Z", "revision_history": [ { "date": "2017-10-24T09:59:40Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "openvpn-2.0.9-143.47.3.1.i586", "product": { "name": "openvpn-2.0.9-143.47.3.1.i586", "product_id": "openvpn-2.0.9-143.47.3.1.i586" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "product": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "openvpn-2.0.9-143.47.3.1.ia64", "product": { "name": "openvpn-2.0.9-143.47.3.1.ia64", "product_id": "openvpn-2.0.9-143.47.3.1.ia64" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "product": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64" } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "openvpn-2.0.9-143.47.3.1.ppc64", "product": { "name": "openvpn-2.0.9-143.47.3.1.ppc64", "product_id": "openvpn-2.0.9-143.47.3.1.ppc64" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "product": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64" } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "openvpn-2.0.9-143.47.3.1.s390x", "product": { "name": "openvpn-2.0.9-143.47.3.1.s390x", "product_id": "openvpn-2.0.9-143.47.3.1.s390x" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "product": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openvpn-2.0.9-143.47.3.1.x86_64", "product": { "name": "openvpn-2.0.9-143.47.3.1.x86_64", "product_id": "openvpn-2.0.9-143.47.3.1.x86_64" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "product": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "product_id": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Point of Sale 11 SP3", "product": { "name": "SUSE Linux Enterprise Point of Sale 11 SP3", "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-pos:11:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:11:sp3:teradata" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4", "product": { "name": "SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3", "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3", "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" }, "product_reference": "openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-6329", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-6329" } ], "notes": [ { "category": "general", "text": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-6329", "url": "https://www.suse.com/security/cve/CVE-2016-6329" }, { "category": "external", "summary": "SUSE Bug 1026864 for CVE-2016-6329", "url": "https://bugzilla.suse.com/1026864" }, { "category": "external", "summary": "SUSE Bug 995374 for CVE-2016-6329", "url": "https://bugzilla.suse.com/995374" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-10-24T09:59:40Z", "details": "moderate" } ], "title": "CVE-2016-6329" }, { "cve": "CVE-2017-12166", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-12166" } ], "notes": [ { "category": "general", "text": "OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-12166", "url": "https://www.suse.com/security/cve/CVE-2017-12166" }, { "category": "external", "summary": "SUSE Bug 1060877 for CVE-2017-12166", "url": "https://bugzilla.suse.com/1060877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-10-24T09:59:40Z", "details": "critical" } ], "title": "CVE-2017-12166" }, { "cve": "CVE-2017-7478", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-7478" } ], "notes": [ { "category": "general", "text": "OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-7478", "url": "https://www.suse.com/security/cve/CVE-2017-7478" }, { "category": "external", "summary": "SUSE Bug 1038709 for CVE-2017-7478", "url": "https://bugzilla.suse.com/1038709" }, { "category": "external", "summary": "SUSE Bug 1038713 for CVE-2017-7478", "url": "https://bugzilla.suse.com/1038713" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-10-24T09:59:40Z", "details": "important" } ], "title": "CVE-2017-7478" }, { "cve": "CVE-2017-7479", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-7479" } ], "notes": [ { "category": "general", "text": "OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-7479", "url": "https://www.suse.com/security/cve/CVE-2017-7479" }, { "category": "external", "summary": "SUSE Bug 1038711 for CVE-2017-7479", "url": "https://bugzilla.suse.com/1038711" }, { "category": "external", "summary": "SUSE Bug 1038713 for CVE-2017-7479", "url": "https://bugzilla.suse.com/1038713" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Point of Sale 11 SP3:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-2.0.9-143.47.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-10-24T09:59:40Z", "details": "moderate" } ], "title": "CVE-2017-7479" } ] }
suse-su-2017:1622-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openvpn", "title": "Title of the patch" }, { "category": "description", "text": "This update for openvpn fixes the following issues:\n\n- CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374)\n- CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709)\n- CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711)\n- Hardening measures found by internal audit (bsc#1038713)\n\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-SP2-2017-998,SUSE-SLE-RPI-12-SP2-2017-998,SUSE-SLE-SERVER-12-SP2-2017-998", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1622-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2017:1622-1", "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171622-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2017:1622-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-June/002964.html" }, { "category": "self", "summary": "SUSE Bug 1038709", "url": "https://bugzilla.suse.com/1038709" }, { "category": "self", "summary": "SUSE Bug 1038711", "url": "https://bugzilla.suse.com/1038711" }, { "category": "self", "summary": "SUSE Bug 1038713", "url": "https://bugzilla.suse.com/1038713" }, { "category": "self", "summary": "SUSE Bug 995374", "url": "https://bugzilla.suse.com/995374" }, { "category": "self", "summary": "SUSE CVE CVE-2016-6329 page", "url": "https://www.suse.com/security/cve/CVE-2016-6329/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-7478 page", "url": "https://www.suse.com/security/cve/CVE-2017-7478/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-7479 page", "url": "https://www.suse.com/security/cve/CVE-2017-7479/" } ], "title": "Security update for openvpn", "tracking": { "current_release_date": "2017-06-20T06:39:38Z", "generator": { "date": "2017-06-20T06:39:38Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2017:1622-1", "initial_release_date": "2017-06-20T06:39:38Z", "revision_history": [ { "date": "2017-06-20T06:39:38Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "openvpn-2.3.8-16.14.1.aarch64", "product": { "name": "openvpn-2.3.8-16.14.1.aarch64", "product_id": "openvpn-2.3.8-16.14.1.aarch64" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "product": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "openvpn-2.3.8-16.14.1.ppc64le", "product": { "name": "openvpn-2.3.8-16.14.1.ppc64le", "product_id": "openvpn-2.3.8-16.14.1.ppc64le" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "product": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openvpn-2.3.8-16.14.1.s390x", "product": { "name": "openvpn-2.3.8-16.14.1.s390x", "product_id": "openvpn-2.3.8-16.14.1.s390x" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "product": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openvpn-2.3.8-16.14.1.x86_64", "product": { "name": "openvpn-2.3.8-16.14.1.x86_64", "product_id": "openvpn-2.3.8-16.14.1.x86_64" } }, { "category": "product_version", "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "product": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "product_id": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP2", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP2", "product_id": "SUSE Linux Enterprise Desktop 12 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", "product": { "name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2", "product": { "name": "SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", "product_id": "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64" }, "product_reference": "openvpn-2.3.8-16.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64" }, "product_reference": "openvpn-2.3.8-16.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", "product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64" }, "product_reference": "openvpn-2.3.8-16.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le" }, "product_reference": "openvpn-2.3.8-16.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x" }, "product_reference": "openvpn-2.3.8-16.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64" }, "product_reference": "openvpn-2.3.8-16.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", "product_id": "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64" }, "product_reference": "openvpn-2.3.8-16.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le" }, "product_reference": "openvpn-2.3.8-16.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x" }, "product_reference": "openvpn-2.3.8-16.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64" }, "product_reference": "openvpn-2.3.8-16.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" }, "product_reference": "openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-6329", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-6329" } ], "notes": [ { "category": "general", "text": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-6329", "url": "https://www.suse.com/security/cve/CVE-2016-6329" }, { "category": "external", "summary": "SUSE Bug 1026864 for CVE-2016-6329", "url": "https://bugzilla.suse.com/1026864" }, { "category": "external", "summary": "SUSE Bug 995374 for CVE-2016-6329", "url": "https://bugzilla.suse.com/995374" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-06-20T06:39:38Z", "details": "moderate" } ], "title": "CVE-2016-6329" }, { "cve": "CVE-2017-7478", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-7478" } ], "notes": [ { "category": "general", "text": "OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-7478", "url": "https://www.suse.com/security/cve/CVE-2017-7478" }, { "category": "external", "summary": "SUSE Bug 1038709 for CVE-2017-7478", "url": "https://bugzilla.suse.com/1038709" }, { "category": "external", "summary": "SUSE Bug 1038713 for CVE-2017-7478", "url": "https://bugzilla.suse.com/1038713" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-06-20T06:39:38Z", "details": "important" } ], "title": "CVE-2017-7478" }, { "cve": "CVE-2017-7479", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-7479" } ], "notes": [ { "category": "general", "text": "OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-7479", "url": "https://www.suse.com/security/cve/CVE-2017-7479" }, { "category": "external", "summary": "SUSE Bug 1038711 for CVE-2017-7479", "url": "https://bugzilla.suse.com/1038711" }, { "category": "external", "summary": "SUSE Bug 1038713 for CVE-2017-7479", "url": "https://bugzilla.suse.com/1038713" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-2.3.8-16.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-06-20T06:39:38Z", "details": "moderate" } ], "title": "CVE-2017-7479" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.