CVE-2006-2940

Common Vulnerabilities and Exposures

Upstream information

CVE-2006-2940 at MITRE

Description

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

NVD CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Novell/SUSE information

Novell Bugzilla entries: 202366, 207635, 208971, 215623, 223040

SUSE Security Advisories:

SUSE-SA:2006:058, published Thu, 28 Sep 2006 18:00:00 +0000
SUSE-SR:2006:024, published Fri, 06 Oct 2006 14:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX 10.0	`compat-openssl096g >= 0.9.6g-4.2`
SUSE LINUX 9.2	`compat-openssl096g >= 0.9.6g-2.2`
SUSE LINUX 9.3	`compat-openssl096g >= 0.9.6g-3.2`
Novell Linux Desktop 9 for x86_64	`openssl >= 0.9.7d-15.32` `openssl-32bit >= 9-200610132325` `openssl-devel >= 0.9.7d-15.32` `openssl-devel-32bit >= 9-200610132325`	core9.s390 sles9-oes.x86 sles10.s390x sled10.x86 YOU Patch Nr: 11244 ZYPP Patch Nr: 2175
Novell Linux Desktop 9 for x86 Open Enterprise Server	`openssl >= 0.9.7d-15.32` `openssl-devel >= 0.9.7d-15.32`	core9.s390 sles9-oes.x86 sles10.s390x sled10.x86 YOU Patch Nr: 11244 ZYPP Patch Nr: 2175
SuSE Linux Desktop 1.0	`openssl >= 0.9.6g-139`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
SuSE Linux Enterprise Server 8 for IBM zSeries	`openssl >= 0.9.6g-139` `openssl-devel >= 0.9.6g-139`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86_64	`openssl >= 0.9.7d-15.29` `openssl-32bit >= 9-200609270654` `openssl-devel >= 0.9.7d-15.29` `openssl-devel-32bit >= 9-200609270654`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86 Open Enterprise Server	`openssl >= 0.9.7d-15.29` `openssl-devel >= 0.9.7d-15.29`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`openssl >= 0.9.6g-138` `openssl-devel >= 0.9.6g-138`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
SUSE CORE 9 for AMD64 and Intel EM64T	`openssl >= 0.9.7d-15.48` `openssl-devel >= 0.9.7d-15.48` `openssl-doc >= 0.9.7d-15.48`	Builds YOU Patch Nr: 12759
SUSE LINUX 10.0	`openssl >= 0.9.7g-2.12` `openssl-32bit >= 0.9.7g-2.12` `openssl-64bit >= 0.9.7g-2.12` `openssl-devel >= 0.9.7g-2.12` `openssl-devel-32bit >= 0.9.7g-2.12` `openssl-devel-64bit >= 0.9.7g-2.12`
SUSE LINUX 10.1	`openssl >= 0.9.8a-18.13` `openssl-32bit >= 0.9.8a-18.13` `openssl-64bit >= 0.9.8a-18.13` `openssl-devel >= 0.9.8a-18.13` `openssl-devel-32bit >= 0.9.8a-18.13` `openssl-devel-64bit >= 0.9.8a-18.13`
SUSE LINUX 9.2	`openssl >= 0.9.7d-25.8` `openssl-32bit >= 9.2-200610140358` `openssl-devel >= 0.9.7d-25.8` `openssl-devel-32bit >= 9.2-200610140358`
SUSE LINUX 9.3	`openssl >= 0.9.7e-3.8` `openssl-32bit >= 9.3-7.4` `openssl-devel >= 0.9.7e-3.8` `openssl-devel-32bit >= 9.3-7.4`
SUSE LINUX 10.1	`compat-openssl097g >= 0.9.7g-13.5` `compat-openssl097g-32bit >= 0.9.7g-13.5` `compat-openssl097g-64bit >= 0.9.7g-13.5`
SuSE Linux Enterprise Server 8 for IBM zSeries	`openssl-z990 >= 0.9.7c-9`	ul1.s390 YOU Patch Nr: 11271
SUSE LINUX 10.0	`openssl >= 0.9.7g-2.10` `openssl-32bit >= 0.9.7g-2.10` `openssl-64bit >= 0.9.7g-2.10` `openssl-devel >= 0.9.7g-2.10` `openssl-devel-32bit >= 0.9.7g-2.10` `openssl-devel-64bit >= 0.9.7g-2.10`
SUSE LINUX 10.1	`openssl >= 0.9.8a-18.10` `openssl-32bit >= 0.9.8a-18.10` `openssl-64bit >= 0.9.8a-18.10` `openssl-devel >= 0.9.8a-18.10` `openssl-devel-32bit >= 0.9.8a-18.10` `openssl-devel-64bit >= 0.9.8a-18.10`
SUSE LINUX 9.2	`openssl >= 0.9.7d-25.6` `openssl-32bit >= 9.2-200609270647` `openssl-devel >= 0.9.7d-25.6` `openssl-devel-32bit >= 9.2-200609270647`
SUSE LINUX 9.3	`openssl >= 0.9.7e-3.6` `openssl-32bit >= 9.3-7.3` `openssl-devel >= 0.9.7e-3.6` `openssl-devel-32bit >= 9.3-7.3`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy