Main Vulnerability Database SB2015010501

SB2015010501 - SUSE Linux update for suseRegister

Published: January 5, 2015 Updated: November 8, 2022

Security Bulletin ID SB2015010501

Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2014-3566)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to usage of insecure SSLv3 protocol in OpenSSL. A remote attacker can force the current connection between user and server to be downgraded to SSLv3 protocol and then use padding-oracle attack on Cypher-block chaining (CBC) mode to decrypt encrypted communication.

Successful exploitation of the vulnerability may allow an attacker to read encrypted communications in clear text.

Note: The vulnerability is known as POODLE.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2015-01/msg00000.html