Novell Home


Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-2686 at MITRE


crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Note from the SUSE Security Team

The openssl versions in SUSE Linux Enterprise 11 and older are based on openssl 0.9.8 and do not support TLS 1.1 or 1.2 at this time. So SUSE Linux Enterprise 11 and older distributions are not affected by this security problem.

Novell Bugzilla entry: 802648

SUSE Security Advisories:

© 2014 Novell