CVE-2006-3738

Common Vulnerabilities and Exposures

Upstream information

CVE-2006-3738 at MITRE

Description

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 202366, 207635, 215623

SUSE Security Advisories:

SUSE-SA:2006:058, published Thu, 28 Sep 2006 18:00:00 +0000
SUSE-SR:2006:024, published Fri, 06 Oct 2006 14:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX 10.0	`compat-openssl096g >= 0.9.6g-4.2`
SUSE LINUX 9.2	`compat-openssl096g >= 0.9.6g-2.2`
SUSE LINUX 9.3	`compat-openssl096g >= 0.9.6g-3.2`
SuSE Linux Desktop 1.0	`openssl >= 0.9.6g-139`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
SuSE Linux Enterprise Server 8 for IBM zSeries	`openssl >= 0.9.6g-139` `openssl-devel >= 0.9.6g-139`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86_64	`openssl >= 0.9.7d-15.29` `openssl-32bit >= 9-200609270654` `openssl-devel >= 0.9.7d-15.29` `openssl-devel-32bit >= 9-200609270654`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
Novell Linux Desktop 9 for x86 Open Enterprise Server	`openssl >= 0.9.7d-15.29` `openssl-devel >= 0.9.7d-15.29`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`openssl >= 0.9.6g-138` `openssl-devel >= 0.9.6g-138`	sles9-oes.x86 ul1.s390 sles10.s390x slox4.x86 core9.s390 sled10.x86 YOU Patch Nr: 11234 ZYPP Patch Nr: 2141
SUSE CORE 9 for AMD64 and Intel EM64T	`openssl >= 0.9.7d-15.48` `openssl-devel >= 0.9.7d-15.48` `openssl-doc >= 0.9.7d-15.48`	Builds YOU Patch Nr: 12759
SUSE LINUX 10.1	`compat-openssl097g >= 0.9.7g-13.5` `compat-openssl097g-32bit >= 0.9.7g-13.5` `compat-openssl097g-64bit >= 0.9.7g-13.5`
SuSE Linux Enterprise Server 8 for IBM zSeries	`openssl-z990 >= 0.9.7c-9`	ul1.s390 YOU Patch Nr: 11271
SUSE LINUX 10.0	`openssl >= 0.9.7g-2.10` `openssl-32bit >= 0.9.7g-2.10` `openssl-64bit >= 0.9.7g-2.10` `openssl-devel >= 0.9.7g-2.10` `openssl-devel-32bit >= 0.9.7g-2.10` `openssl-devel-64bit >= 0.9.7g-2.10`
SUSE LINUX 10.1	`openssl >= 0.9.8a-18.10` `openssl-32bit >= 0.9.8a-18.10` `openssl-64bit >= 0.9.8a-18.10` `openssl-devel >= 0.9.8a-18.10` `openssl-devel-32bit >= 0.9.8a-18.10` `openssl-devel-64bit >= 0.9.8a-18.10`
SUSE LINUX 9.2	`openssl >= 0.9.7d-25.6` `openssl-32bit >= 9.2-200609270647` `openssl-devel >= 0.9.7d-25.6` `openssl-devel-32bit >= 9.2-200609270647`
SUSE LINUX 9.3	`openssl >= 0.9.7e-3.6` `openssl-32bit >= 9.3-7.3` `openssl-devel >= 0.9.7e-3.6` `openssl-devel-32bit >= 9.3-7.3`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy