CVE-2006-4339

Common Vulnerabilities and Exposures

Upstream information

CVE-2006-4339 at MITRE

Description

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entries: 202366, 203595, 206636, 207635, 215623, 218303, 233584, 564512

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE LINUX 10.0
  • bind >= 9.3.1-8.4
  • bind-libs >= 9.3.1-8.4
  • bind-libs-32bit >= 9.3.1-8.4
  • bind-libs-64bit >= 9.3.1-8.4
  • bind-utils >= 9.3.1-8.4
SUSE LINUX 10.1
  • bind >= 9.3.2-17.11
  • bind-libs >= 9.3.2-17.11
  • bind-libs-32bit >= 9.3.2-17.11
  • bind-libs-64bit >= 9.3.2-17.11
  • bind-utils >= 9.3.2-17.11
SUSE LINUX 9.3
  • bind >= 9.3.1-3.5
  • bind-libs >= 9.3.1-3.5
  • bind-libs-32bit >= 9.3-7.3
  • bind-utils >= 9.3.1-3.5
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • bind >= 9.2.3-76.28
  • bind-utils >= 9.2.3-76.28
sles10.x86
sles10.s390x
sles9-oes.x86
YOU Patch Nr: 11303
ZYPP Patch Nr: 2268
Novell Linux Desktop 9 for x86_64
  • bind >= 9.2.3-76.28
  • bind-utils >= 9.2.3-76.28
  • bind-utils-32bit >= 9-200611140525
sles10.x86
sles10.s390x
sles9-oes.x86
YOU Patch Nr: 11303
ZYPP Patch Nr: 2268
SuSE Linux Desktop 1.0
  • openssl >= 0.9.6g-135
slrs8.x86
sles10.s390x
sles9-oes.x86
sles10.x86
ul1.s390
core9.s390
YOU Patch Nr: 11217
ZYPP Patch Nr: 2082
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • openssl >= 0.9.6g-136
  • openssl-devel >= 0.9.6g-136
slrs8.x86
sles10.s390x
sles9-oes.x86
sles10.x86
ul1.s390
core9.s390
YOU Patch Nr: 11217
ZYPP Patch Nr: 2082
Novell Linux Desktop 9 for x86_64
  • openssl >= 0.9.7d-15.26
  • openssl-32bit >= 9-200609140529
  • openssl-devel >= 0.9.7d-15.26
  • openssl-devel-32bit >= 9-200609140529
slrs8.x86
sles10.s390x
sles9-oes.x86
sles10.x86
ul1.s390
core9.s390
YOU Patch Nr: 11217
ZYPP Patch Nr: 2082
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • openssl >= 0.9.7d-15.26
  • openssl-devel >= 0.9.7d-15.26
slrs8.x86
sles10.s390x
sles9-oes.x86
sles10.x86
ul1.s390
core9.s390
YOU Patch Nr: 11217
ZYPP Patch Nr: 2082
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • IBMJava2-JRE_1_4 >= 1.4.1-23
  • IBMJava2-SDK_1_4 >= 1.4.1-23
ul1.x86-64
ul1.s390
YOU Patch Nr: 11440
SuSE Linux Enterprise Server 8 for IBM zSeries
  • IBMJava2-SDK_1_4 >= 1.4.1-23
ul1.x86-64
ul1.s390
YOU Patch Nr: 11440
SuSE Linux Enterprise Server 8 for AMD64
UnitedLinux 1.0
  • IBMJava2-JRE_1_4 >= 1.4.2-0.4
  • IBMJava2-SDK_1_4 >= 1.4.2-0.4
ul1.x86-64
ul1.s390
YOU Patch Nr: 11440
SUSE LINUX 10.1
  • compat-openssl097g >= 0.9.7g-13.5
  • compat-openssl097g-32bit >= 0.9.7g-13.5
  • compat-openssl097g-64bit >= 0.9.7g-13.5
SuSE Linux Desktop 1.0
  • bind9-utils >= 9.1.3-338
ul1.s390
slrs8.x86
YOU Patch Nr: 11302
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • bind9 >= 9.2.2-96
  • bind9-utils >= 9.2.2-96
ul1.s390
slrs8.x86
YOU Patch Nr: 11302
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • IBMJava2-JRE >= 1.3.1-237
  • IBMJava2-SDK >= 1.3.1-237
slrs8.x86
YOU Patch Nr: 11387
SuSE Linux Enterprise Server 8 for IBM zSeries
  • openssl-z990 >= 0.9.7c-9
ul1.s390
YOU Patch Nr: 11271
SUSE LINUX 10.0
  • openssl >= 0.9.7g-2.8
  • openssl-32bit >= 0.9.7g-2.8
  • openssl-64bit >= 0.9.7g-2.8
  • openssl-devel >= 0.9.7g-2.8
  • openssl-devel-32bit >= 0.9.7g-2.8
  • openssl-devel-64bit >= 0.9.7g-2.8
SUSE LINUX 10.1
  • openssl >= 0.9.8a-18.7
  • openssl-32bit >= 0.9.8a-18.7
  • openssl-64bit >= 0.9.8a-18.7
  • openssl-devel >= 0.9.8a-18.7
  • openssl-devel-32bit >= 0.9.8a-18.7
  • openssl-devel-64bit >= 0.9.8a-18.7
SUSE LINUX 9.2
  • openssl >= 0.9.7d-25.4
  • openssl-32bit >= 9.2-200609140724
  • openssl-devel >= 0.9.7d-25.4
  • openssl-devel-32bit >= 9.2-200609140724
SUSE LINUX 9.3
  • openssl >= 0.9.7e-3.4
  • openssl-32bit >= 9.3-7.2
  • openssl-devel >= 0.9.7e-3.4
  • openssl-devel-32bit >= 9.3-7.2
SUSE LINUX 10.0
SUSE LINUX 10.1
SUSE LINUX 9.2
SUSE LINUX 9.3
  • opera >= 9.02-4.1

© 2014 Novell