Skip to Content
Solutions
+ Not Sure? Try our solution finder
Data Center

Virtualization & Workload Management

Business Service Management

Identity & Security

Compliance Management

Identity & Access Management

Security Management
End-User Computing

Collaboration

Endpoint Management

Markets

Cloud Computing

Intelligent Workload Management

Log Management
Looking for Linux? See our new home at SUSE.com
Products
Products By Category

Novell

Collaboration

Data Synchronizer

GroupWise

Open Workgroup Suite

Vibe

Endpoint Management

Endpoint Lifecycle Management Suite

Service Desk

ZENworks Application Virtualization

ZENworks Asset Management

ZENworks Configuration Management

ZENworks Endpoint Security Management

ZENworks Linux Management

ZENworks Patch Management

ZENworks Virtual Appliance

File & Networking Services

Business Continuity Clustering

File Management Suite

File Reporter

Filr

Open Enterprise Server

Storage Manager

NetIQ (Moving soon to NetIQ.com)

Data Center

Cloud Manager

Operations Center

PlateSpin Forge

PlateSpin Migrate

PlateSpin Orchestrate

PlateSpin Protect

PlateSpin Recon

Identity & Security

Access Governance Suite

Access Manager

Cloud Security Service

Compliance Management Platform

Identity Manager

LDAP Proxy

Privileged User Manager

SecureLogin

Sentinel

Sentinel Log Manager

Sentinel Rapid Deployment

Looking for Linux? See our new home at SUSE.com
A-Z

A

Access Governance Suite

Access Manager

B

BorderManager

Business Continuity Clustering

C

Client for Linux

Client for Windows XP/2000

Cloud Manager

Cloud Security Service

Cluster Services for Open Enterprise Server

Compliance Management Platform

D

Data Synchronizer

E

eDirectory

Endpoint Lifecycle Management Suite

F

File Management Suite

File Reporter

G

GroupWise

I

Identity Assurance Solution

Identity Audit

Identity Manager

Identity Manager Integration Modules

iFolder 2.1

iManager

J

JBoss Enterprise Middleware

L

LDAP Proxy

M

Modular Authentication Service (NMAS)

N

NFS Gateway for NetWare 6.5

NICI Encryption Modules

O

Open Enterprise Server

Open Workgroup Suite

Open Workgroup Suite Small Business Edition

Operations Center

P

PlateSpin Forge

PlateSpin Migrate

PlateSpin Orchestrate

PlateSpin Protect

PlateSpin Recon

Privileged User Manager

S

SecureLogin

Sentinel

Sentinel Log Manager

Service Desk

Storage Manager

V

Vibe

Z

ZENworks Application Virtualization

ZENworks Asset Management

ZENworks Configuration Management

ZENworks Virtual Appliance

ZENworks Endpoint Security Management

ZENworks Handheld Management

ZENworks Linux Management

ZENworks Patch Management

Looking for Linux? See our new home at SUSE.com
Services & Support
+ Novell Services Overview
Self Support

Knowledgebase

Novell Support Advisor

Discussion Forums

Documentation

Support by Product

Activate My Product

Technical Subscriptions

Support Programs

Support from Partner

Entitlement & Access

Open Service Request

Novell Support Programs

Product Support Lifecycle

Chat with Us (Non-technical Questions)
Technical Training

Look Up & Locate Training

Certification and Testing

Advanced Technical Training

Custom On-site Training

Free Training

On-demand Training

Online Training

Technical Skills Assessments

Training Partners

Contribute

Participate in Beta

Report Bug

Share a Tip, Trick, etc.

Request Enhancement

Report Software Vulnerability
Download

Patches

Products

Drivers

Beta

Cool Tools

Customer Center

My Profile

My Products

My Support

My Training

Open Service Request
IT Consulting

Why Consulting

Consulting Offerings

Delivery Excellence Reviews

Fast Tracks

NetWare to Open Enterprise Server

Novell Teaming

ZENworks Migration Assurance

PlateSpin Forge
Partners
+ Novell Partners Overview
Partner With Novell

Solution Provider & System Integrator

Hardware Vendor

Software Vendor

Training Provider

PartnerNet

PartnerNet Login

PartnerNet Community

Enablement Central
Find a Partner

Partner Locator

SUSE Linux Enterprise ISV Catalog

Certified Partner Products

Developers

YES Certified Program

Developer Community
Communities
+ Novell Communities Overview
User Communities

Social Networks

Novell Blogs & Podcasts
About Novell
+ About Novell
Contact Us

Our Customers

Executive Management

Job Search

Connection Magazine

Events

Media Gallery

Industry Analysts

Press Releases

Subscribe
How to Buy
+ How to Buy Overview
Request a Call

Find a Partner

shopNovell

Shop for Training

Volume Licensing & Buying Programs

Novell Merchandise

CVE-2008-5077

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2008-5077 at MITRE

Description

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

NVD CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 459468, 465675, 465676, 468866, 470968, 475108, 552497, 629905, 708266

SUSE Security Advisories:

SUSE-SA:2009:006, published Fri, 23 Jan 2009 16:00:00 +0000
SUSE-SU-2011:0847-1, published Wed, 27 Jul 2011 17:08:16 +0200 (CEST)
openSUSE-SU-2011:0845-1, published Wed, 27 Jul 2011 16:08:25 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
Novell Linux Desktop 9 for x86 Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for x86	`openssl >= 0.9.7d-15.37` `openssl-devel >= 0.9.7d-15.37` `openssl-doc >= 0.9.7d-15.37`	core9.ia64 core9.ppc core9.s390 core9.x86-64 core9.x86 sles9-nlpos.x86 sles9-oes.x86 core9.s390x sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12341
SUSE CORE 9 for Itanium Processor Family	`openssl >= 0.9.7d-15.37` `openssl-devel >= 0.9.7d-15.37` `openssl-doc >= 0.9.7d-15.37` `openssl-x86 >= 9-200901211340`	core9.ia64 core9.ppc core9.s390 core9.x86-64 core9.x86 sles9-nlpos.x86 sles9-oes.x86 core9.s390x sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12341
SUSE CORE 9 for IBM POWER	`openssl >= 0.9.7d-15.37` `openssl-64bit >= 9-200901211338` `openssl-devel >= 0.9.7d-15.37` `openssl-devel-64bit >= 9-200901211338` `openssl-doc >= 0.9.7d-15.37`	core9.ia64 core9.ppc core9.s390 core9.x86-64 core9.x86 sles9-nlpos.x86 sles9-oes.x86 core9.s390x sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12341
SUSE CORE 9 for IBM zSeries 64bit	`openssl >= 0.9.7d-15.37` `openssl-32bit >= 9-200901211332` `openssl-devel >= 0.9.7d-15.37` `openssl-devel-32bit >= 9-200901211332` `openssl-doc >= 0.9.7d-15.37`	core9.ia64 core9.ppc core9.s390 core9.x86-64 core9.x86 sles9-nlpos.x86 sles9-oes.x86 core9.s390x sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12341
Novell Linux Desktop 9 for x86_64 SUSE CORE 9 for AMD64 and Intel EM64T	`openssl >= 0.9.7d-15.37` `openssl-32bit >= 9-200901211340` `openssl-devel >= 0.9.7d-15.37` `openssl-devel-32bit >= 9-200901211340` `openssl-doc >= 0.9.7d-15.37`	core9.ia64 core9.ppc core9.s390 core9.x86-64 core9.x86 sles9-nlpos.x86 sles9-oes.x86 core9.s390x sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12341
SUSE Linux Enterprise Desktop 10 SP2 for x86	`openssl >= 0.9.8a-18.27` `openssl-devel >= 0.9.8a-18.27`	sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.ppc sles10-sp2.x86 sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sles10-sp2.ppc sle10-sp2-sdk.ppc sled10-sp2.x86 sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 sles10-sp2.s390x sle10-sp2-sdk.s390x sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 5949
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`openssl >= 0.9.8a-18.27` `openssl-32bit >= 0.9.8a-18.27` `openssl-devel >= 0.9.8a-18.27` `openssl-devel-32bit >= 0.9.8a-18.27`	sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.ppc sles10-sp2.x86 sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sles10-sp2.ppc sle10-sp2-sdk.ppc sled10-sp2.x86 sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 sles10-sp2.s390x sle10-sp2-sdk.s390x sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 5949
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`openssl-debuginfo >= 0.9.8a-18.27`	sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.ppc sles10-sp2.x86 sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sles10-sp2.ppc sle10-sp2-sdk.ppc sled10-sp2.x86 sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 sles10-sp2.s390x sle10-sp2-sdk.s390x sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 5949
SUSE Linux Enterprise Server 10 SP2 for x86	`openssl >= 0.9.8a-18.27` `openssl-devel >= 0.9.8a-18.27` `openssl-doc >= 0.9.8a-18.27`	sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.ppc sles10-sp2.x86 sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sles10-sp2.ppc sle10-sp2-sdk.ppc sled10-sp2.x86 sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 sles10-sp2.s390x sle10-sp2-sdk.s390x sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 5949
SUSE Linux Enterprise Server 10 SP2 for IPF	`openssl >= 0.9.8a-18.27` `openssl-devel >= 0.9.8a-18.27` `openssl-doc >= 0.9.8a-18.27` `openssl-x86 >= 0.9.8a-18.27`	sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.ppc sles10-sp2.x86 sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sles10-sp2.ppc sle10-sp2-sdk.ppc sled10-sp2.x86 sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 sles10-sp2.s390x sle10-sp2-sdk.s390x sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 5949
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`openssl >= 0.9.8a-18.27` `openssl-64bit >= 0.9.8a-18.27` `openssl-devel >= 0.9.8a-18.27` `openssl-devel-64bit >= 0.9.8a-18.27` `openssl-doc >= 0.9.8a-18.27`	sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.ppc sles10-sp2.x86 sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sles10-sp2.ppc sle10-sp2-sdk.ppc sled10-sp2.x86 sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 sles10-sp2.s390x sle10-sp2-sdk.s390x sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 5949
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`openssl >= 0.9.8a-18.27` `openssl-32bit >= 0.9.8a-18.27` `openssl-devel >= 0.9.8a-18.27` `openssl-devel-32bit >= 0.9.8a-18.27` `openssl-doc >= 0.9.8a-18.27`	sles10-sp2-debuginfo.x86-64 sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.ppc sles10-sp2.x86 sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sles10-sp2.ppc sle10-sp2-sdk.ppc sled10-sp2.x86 sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 sles10-sp2.s390x sle10-sp2-sdk.s390x sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 5949
openSUSE 11.3 DEBUGINFO	`compat-openssl097g-debuginfo >= 0.9.7g-155.3.1` `compat-openssl097g-debuginfo-32bit >= 0.9.7g-155.3.1` `compat-openssl097g-debugsource >= 0.9.7g-155.3.1`	SAT Patch Nr: 4909
openSUSE 11.3	`compat-openssl097g >= 0.9.7g-155.3.1` `compat-openssl097g-32bit >= 0.9.7g-155.3.1`	SAT Patch Nr: 4909
openSUSE 11.4 DEBUGINFO	`compat-openssl097g-debuginfo >= 0.9.7g-158.159.1` `compat-openssl097g-debuginfo-32bit >= 0.9.7g-158.159.1` `compat-openssl097g-debugsource >= 0.9.7g-158.159.1`	SAT Patch Nr: 4909
openSUSE 11.4	`compat-openssl097g >= 0.9.7g-158.159.1` `compat-openssl097g-32bit >= 0.9.7g-158.159.1`	SAT Patch Nr: 4909
SUSE CORE 9 for AMD64 and Intel EM64T	`openssl >= 0.9.7d-15.48` `openssl-devel >= 0.9.7d-15.48` `openssl-doc >= 0.9.7d-15.48`	Builds YOU Patch Nr: 12759
SUSE Linux Enterprise Desktop 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for x86	`compat-openssl097g >= 0.9.7g-13.21.1`	sles10-sp4.x86-64 sles10-sp4.ia64 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ppc ZYPP Patch Nr: 7645
SUSE Linux Enterprise Server 10 SP4 for IPF	`compat-openssl097g >= 0.9.7g-13.21.1` `compat-openssl097g-x86 >= 0.9.7g-13.21.1`	sles10-sp4.x86-64 sles10-sp4.ia64 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ppc ZYPP Patch Nr: 7645
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`compat-openssl097g >= 0.9.7g-13.21.1` `compat-openssl097g-64bit >= 0.9.7g-13.21.1`	sles10-sp4.x86-64 sles10-sp4.ia64 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ppc ZYPP Patch Nr: 7645
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`compat-openssl097g >= 0.9.7g-13.21.1` `compat-openssl097g-32bit >= 0.9.7g-13.21.1`	sles10-sp4.x86-64 sles10-sp4.ia64 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ppc ZYPP Patch Nr: 7645
SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T	`compat-openssl097g >= 0.9.7g-13.21.1` `compat-openssl097g-32bit >= 0.9.7g-13.21.1`	sles10-sp3.x86 sles10-sp3.x86-64 sles10-sp3.ia64 sles10-sp3.ppc sles10-sp3.s390x ZYPP Patch Nr: 7644
SLE 11 SP1 DEBUGINFO	`compat-openssl097g-debuginfo >= 0.9.7g-146.20.1` `compat-openssl097g-debugsource >= 0.9.7g-146.20.1`	Builds SAT Patch Nr: 4913
SLE 11 SP1 DEBUGINFO	`compat-openssl097g-debuginfo >= 0.9.7g-146.20.1` `compat-openssl097g-debuginfo-32bit >= 0.9.7g-146.20.1` `compat-openssl097g-debugsource >= 0.9.7g-146.20.1`	Builds SAT Patch Nr: 4913
SUSE Linux Enterprise Desktop 11 SP1	`compat-openssl097g >= 0.9.7g-146.20.1`	Builds SAT Patch Nr: 4913
SUSE Linux Enterprise Desktop 11 SP1	`compat-openssl097g >= 0.9.7g-146.20.1` `compat-openssl097g-32bit >= 0.9.7g-146.20.1`	Builds SAT Patch Nr: 4913
openSUSE 10.3	`libopenssl-devel >= 0.9.8e-45.7` `libopenssl0_9_8 >= 0.9.8e-45.7` `libopenssl0_9_8-32bit >= 0.9.8e-45.7` `libopenssl0_9_8-64bit >= 0.9.8e-45.7` `openssl >= 0.9.8e-45.7` `openssl-certs >= 0.9.8e-45.7` `openssl-doc >= 0.9.8e-45.7`
openSUSE 10.3	`compat-openssl097g >= 0.9.7g-75.5` `compat-openssl097g-32bit >= 0.9.7g-75.5` `compat-openssl097g-64bit >= 0.9.7g-75.5`
SuSE Linux Enterprise Server 8 for x86	`openssl >= 0.9.6g-147` `openssl-devel >= 0.9.6g-147`	Builds YOU Patch Nr: 12340
SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries	`openssl >= 0.9.6g-147` `openssl-devel >= 0.9.6g-147` `openssl-doc >= 0.9.6g-147`	Builds YOU Patch Nr: 12340
SUSE Linux Enterprise Desktop 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP2 for x86	`compat-openssl097g >= 0.9.7g-13.13`	sled10-sp2.x86 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.s390x sles10-sp2.x86 sled10-sp2.x86-64 sles10-sp2.x86-64 ZYPP Patch Nr: 5957
SUSE Linux Enterprise Server 10 SP2 for IPF	`compat-openssl097g >= 0.9.7g-13.13` `compat-openssl097g-x86 >= 0.9.7g-13.10`	sled10-sp2.x86 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.s390x sles10-sp2.x86 sled10-sp2.x86-64 sles10-sp2.x86-64 ZYPP Patch Nr: 5957
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`compat-openssl097g >= 0.9.7g-13.13` `compat-openssl097g-64bit >= 0.9.7g-13.10`	sled10-sp2.x86 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.s390x sles10-sp2.x86 sled10-sp2.x86-64 sles10-sp2.x86-64 ZYPP Patch Nr: 5957
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`compat-openssl097g >= 0.9.7g-13.13` `compat-openssl097g-32bit >= 0.9.7g-13.10`	sled10-sp2.x86 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.s390x sles10-sp2.x86 sled10-sp2.x86-64 sles10-sp2.x86-64 ZYPP Patch Nr: 5957

© 2012 Novell