Novell Home

CVE-2006-2940

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2006-2940 at MITRE

Description

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

NVD CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Novell/SUSE information

Novell Bugzilla entries: 202366, 207635, 208971, 215623, 223040

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.0
  • compat-openssl096g >= 0.9.6g-4.2
SUSE LINUX 9.2
  • compat-openssl096g >= 0.9.6g-2.2
SUSE LINUX 9.3
  • compat-openssl096g >= 0.9.6g-3.2
Novell Linux Desktop 9 for x86_64
  • openssl >= 0.9.7d-15.32
  • openssl-32bit >= 9-200610132325
  • openssl-devel >= 0.9.7d-15.32
  • openssl-devel-32bit >= 9-200610132325
core9.s390
sles9-oes.x86
sles10.s390x
sled10.x86
YOU Patch Nr: 11244
ZYPP Patch Nr: 2175
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • openssl >= 0.9.7d-15.32
  • openssl-devel >= 0.9.7d-15.32
core9.s390
sles9-oes.x86
sles10.s390x
sled10.x86
YOU Patch Nr: 11244
ZYPP Patch Nr: 2175
SuSE Linux Desktop 1.0
  • openssl >= 0.9.6g-139
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
YOU Patch Nr: 11234
ZYPP Patch Nr: 2141
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • openssl >= 0.9.6g-138
  • openssl-devel >= 0.9.6g-138
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
YOU Patch Nr: 11234
ZYPP Patch Nr: 2141
SuSE Linux Enterprise Server 8 for IBM zSeries
  • openssl >= 0.9.6g-139
  • openssl-devel >= 0.9.6g-139
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
YOU Patch Nr: 11234
ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • openssl >= 0.9.7d-15.29
  • openssl-devel >= 0.9.7d-15.29
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
YOU Patch Nr: 11234
ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86_64
  • openssl >= 0.9.7d-15.29
  • openssl-32bit >= 9-200609270654
  • openssl-devel >= 0.9.7d-15.29
  • openssl-devel-32bit >= 9-200609270654
sles9-oes.x86
ul1.s390
sles10.s390x
slox4.x86
core9.s390
sled10.x86
YOU Patch Nr: 11234
ZYPP Patch Nr: 2141
SUSE CORE 9 for AMD64 and Intel EM64T
  • openssl >= 0.9.7d-15.48
  • openssl-devel >= 0.9.7d-15.48
  • openssl-doc >= 0.9.7d-15.48
Builds
YOU Patch Nr: 12759
SUSE LINUX 10.0
  • openssl >= 0.9.7g-2.12
  • openssl-32bit >= 0.9.7g-2.12
  • openssl-64bit >= 0.9.7g-2.12
  • openssl-devel >= 0.9.7g-2.12
  • openssl-devel-32bit >= 0.9.7g-2.12
  • openssl-devel-64bit >= 0.9.7g-2.12
SUSE LINUX 10.1
  • openssl >= 0.9.8a-18.13
  • openssl-32bit >= 0.9.8a-18.13
  • openssl-64bit >= 0.9.8a-18.13
  • openssl-devel >= 0.9.8a-18.13
  • openssl-devel-32bit >= 0.9.8a-18.13
  • openssl-devel-64bit >= 0.9.8a-18.13
SUSE LINUX 9.2
  • openssl >= 0.9.7d-25.8
  • openssl-32bit >= 9.2-200610140358
  • openssl-devel >= 0.9.7d-25.8
  • openssl-devel-32bit >= 9.2-200610140358
SUSE LINUX 9.3
  • openssl >= 0.9.7e-3.8
  • openssl-32bit >= 9.3-7.4
  • openssl-devel >= 0.9.7e-3.8
  • openssl-devel-32bit >= 9.3-7.4
SUSE LINUX 10.1
  • compat-openssl097g >= 0.9.7g-13.5
  • compat-openssl097g-32bit >= 0.9.7g-13.5
  • compat-openssl097g-64bit >= 0.9.7g-13.5
SuSE Linux Enterprise Server 8 for IBM zSeries
  • openssl-z990 >= 0.9.7c-9
ul1.s390
YOU Patch Nr: 11271
SUSE LINUX 10.0
  • openssl >= 0.9.7g-2.10
  • openssl-32bit >= 0.9.7g-2.10
  • openssl-64bit >= 0.9.7g-2.10
  • openssl-devel >= 0.9.7g-2.10
  • openssl-devel-32bit >= 0.9.7g-2.10
  • openssl-devel-64bit >= 0.9.7g-2.10
SUSE LINUX 10.1
  • openssl >= 0.9.8a-18.10
  • openssl-32bit >= 0.9.8a-18.10
  • openssl-64bit >= 0.9.8a-18.10
  • openssl-devel >= 0.9.8a-18.10
  • openssl-devel-32bit >= 0.9.8a-18.10
  • openssl-devel-64bit >= 0.9.8a-18.10
SUSE LINUX 9.2
  • openssl >= 0.9.7d-25.6
  • openssl-32bit >= 9.2-200609270647
  • openssl-devel >= 0.9.7d-25.6
  • openssl-devel-32bit >= 9.2-200609270647
SUSE LINUX 9.3
  • openssl >= 0.9.7e-3.6
  • openssl-32bit >= 9.3-7.3
  • openssl-devel >= 0.9.7e-3.6
  • openssl-devel-32bit >= 9.3-7.3

© 2014 Novell