SUSE Linux update for openssl

Published: 2017-11-10 14:44:49 | Updated: 2017-11-10 14:46:40
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 2.1 (AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:W/RC:C)
CVSSv3: 3.2 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:W/RC:C]
CVE ID: CVE-2017-3735
CWE ID: CWE-125
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: SUSE Linux
Vulnerable software versions: SUSE Linux 11
Vendor URL: SuSE
Advisory type: Public

Security Advisory

1) Out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to a one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise the text display of the certificate.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-11/msg00015.html
