CVE-2012-2686 at MITRE
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Note from the SUSE Security Team
The openssl versions in SUSE Linux Enterprise 11 and older are based on openssl 0.9.8 and do not support TLS 1.1 or 1.2 at this time. So SUSE Linux Enterprise 11 and older distributions are not affected by this security problem.
Novell Bugzilla entry: 802648
SUSE Security Advisories: