SUSE: CVE-2014-3566: SUSE Linux Security Advisory
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | October 14, 2014 | December 18, 2015 | November 21, 2018 |
Description
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
References
- SUSE-SUSE-SU-2014:1357
- SUSE-SUSE-SU-2014:1357-1
- SUSE-SUSE-SU-2014:1361
- SUSE-SUSE-SU-2014:1361-1
- SUSE-SUSE-SU-2014:1386-1
- SUSE-SUSE-SU-2014:1387-1
- SUSE-SUSE-SU-2014:1387-2
- SUSE-SUSE-SU-2014:1409-1
- SUSE-SUSE-SU-2014:1447-1
- SUSE-SUSE-SU-2014:1512-1
- SUSE-SUSE-SU-2014:1519-1
- SUSE-SUSE-SU-2014:1524-1
- SUSE-SUSE-SU-2014:1526
- SUSE-SUSE-SU-2014:1526-1
- SUSE-SUSE-SU-2014:1526-2
- SUSE-SUSE-SU-2014:1541-1
- SUSE-SUSE-SU-2014:1549
- SUSE-SUSE-SU-2014:1549-1
- SUSE-SUSE-SU-2014:1557-1
- SUSE-SUSE-SU-2014:1557-2
- SUSE-SUSE-SU-2014:1598-1
- SUSE-SUSE-SU-2015:0010-1
- SUSE-SUSE-SU-2015:0336
- SUSE-SUSE-SU-2015:0336-1
- SUSE-SUSE-SU-2015:0344
- SUSE-SUSE-SU-2015:0345
- SUSE-SUSE-SU-2015:0376
- SUSE-SUSE-SU-2015:0392
- SUSE-SUSE-SU-2015:0503
- SUSE-SUSE-SU-2015:0503-1
- SUSE-SUSE-SU-2015:0578
- SUSE-SUSE-SU-2016:1457
- SUSE-SUSE-SU-2016:1457-1
- SUSE-SUSE-SU-2016:1459
- SUSE-SUSE-SU-2016:1459-1
- SUSE-SUSE-SU-2016:2285-1
- SUSE-SUSE-SU-2016:2329-1
- SUSE-SUSE-SU-2016:2396-1
- NETBSD-NetBSD-SA2014-015
- APPLE-APPLE-SA-2014-10-16-1
- APPLE-APPLE-SA-2014-10-16-3
- APPLE-APPLE-SA-2014-10-16-4
- APPLE-APPLE-SA-2014-10-20-1
- APPLE-APPLE-SA-2014-10-20-2
- APPLE-APPLE-SA-2015-01-27-4
- APPLE-APPLE-SA-2015-09-16-2
- REDHAT-RHSA-2014:1652
- REDHAT-RHSA-2014:1653
- REDHAT-RHSA-2014:1692
- REDHAT-RHSA-2014:1876
- REDHAT-RHSA-2014:1877
- REDHAT-RHSA-2014:1880
- REDHAT-RHSA-2014:1881
- REDHAT-RHSA-2014:1882
- REDHAT-RHSA-2014:1920
- REDHAT-RHSA-2014:1948
- REDHAT-RHSA-2015:0068
- REDHAT-RHSA-2015:0079
- REDHAT-RHSA-2015:0080
- REDHAT-RHSA-2015:0085
- REDHAT-RHSA-2015:0086
- REDHAT-RHSA-2015:0264
- REDHAT-RHSA-2015:0698
- REDHAT-RHSA-2015:1545
- REDHAT-RHSA-2015:1546
- DEBIAN-DLA-157-1
- DEBIAN-DLA-282-1
- DEBIAN-DLA-400-1
- DEBIAN-DSA-3053
- DEBIAN-DSA-3144
- DEBIAN-DSA-3147
- DEBIAN-DSA-3253
- DEBIAN-DSA-3489
- MANDRIVA-MDVSA-2014:203
- MANDRIVA-MDVSA-2015:062
- BID-70574
- SECTRACK-1031029
- SECTRACK-1031039
- SECTRACK-1031085
- SECTRACK-1031086
- SECTRACK-1031087
- SECTRACK-1031088
- SECTRACK-1031089
- SECTRACK-1031090
- SECTRACK-1031091
- SECTRACK-1031092
- SECTRACK-1031093
- SECTRACK-1031094
- SECTRACK-1031095
- SECTRACK-1031096
- SECTRACK-1031105
- SECTRACK-1031106
- SECTRACK-1031107
- SECTRACK-1031120
- SECTRACK-1031123
- SECTRACK-1031124
- SECTRACK-1031130
- SECTRACK-1031131
- SECTRACK-1031132
- UBUNTU-USN-2486-1
- UBUNTU-USN-2487-1
- CERT-TA14-290A
- GENTOO-GLSA-201507-14
- GENTOO-GLSA-201606-11
- NVD-CVE-2014-3566
Solution
suse-upgrade-apache2-mod_nss
Related Vulnerabilities
- Palo Alto Networks PAN-SA-2014-0005 (CVE-2014-3566): SSL 3.0 MITM Attack
- OS X security update 2015-001 for AFP Server (CVE-2014-3566)
- Oracle Solaris 11: CVE-2014-3566: Vulnerability in Multiple Components
- Juniper Junos OS: 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (JSA10656) (CVE-2014-3566)
- IBM WebSphere Application Server: CVE-2014-3566: IBM Potential Security Vulnerabilities fixed in IBM WebSphere Application Server
- OS X update for OpenSSL (CVE-2014-3566)
- RHSA-2015:0067: java-1.7.0-openjdk security update
- Amazon Linux AMI: Security patch for nss (ALAS-2014-429) (CVE-2014-3566)
- HP-UX: CVE-2014-3566: Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
- ELSA-2014-1653 Moderate: Oracle Linux openssl security update
- Cisco IOS: CVE-2014-3566: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- Amazon Linux AMI: Security patch for java-1.6.0-openjdk (ALAS-2015-480) (multiple CVEs)
- ELSA-2015-0067 Critical: Oracle Linux java-1.7.0-openjdk security update
- IBM HTTP Server: CVE-2014-3566: IBM HTTP Server should disable weak SSL protocols and ciphers by default
- USN-2486-1: OpenJDK 6 vulnerabilities
- OpenSSL SSL 3.0 Fallback protection (CVE-2014-3566)
- RHSA-2014:1882: java-1.7.0-ibm security update
- RHSA-2015:0080: java-1.8.0-oracle security update
- ELSA-2015-0069 Important: Oracle Linux java-1.8.0-openjdk security update
- DSA-3147-1 openjdk-6 -- security update
- HP Systems Insight Manager - HPSBMU03261 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
- Debian: CVE-2014-3566: lighttpd -- security update
- RHSA-2014:1881: java-1.5.0-ibm security update
- F5 Networks: K15702 (CVE-2014-3566): SSLv3 vulnerability CVE-2014-3566
- Sun Patch: Indexing and Search Service 1u5-29.15600: core patch
- RHSA-2015:0086: java-1.6.0-sun security update
- Amazon Linux AMI: Security patch for java-1.8.0-openjdk (ALAS-2015-472) (multiple CVEs)
- Sun Patch: SunOS 5.10: wanboot patch
- ELSA-2015-0085 Important: Oracle Linux java-1.6.0-openjdk security update
- RHSA-2015:0079: java-1.7.0-oracle security update
- Cent OS: CVE-2014-3566: CESA-2015:0085 (java-1.6.0-openjdk)
- FreeBSD: davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (CVE-2014-3566)
- RHSA-2015:1545: node.js security update
- DSA-3144-1 openjdk-7 -- security update
- RHSA-2015:0068: java-1.7.0-openjdk security update
- Sun Patch: SunOS 5.10_x86: openssl patch
- ELSA-2015-0068 Important: Oracle Linux java-1.7.0-openjdk security update
- HP System Management Homepage - HPSBMU03260 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
- Cisco NX-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (Multiple CVEs)
- RHSA-2015:0085: java-1.6.0-openjdk security update
- FreeBSD: (Multiple Advisories) (CVE-2014-3566): lynx -- multiple vulnerabilities
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- Sun Patch: VM Server for SPARC 3.1: ldmd patch
- Cisco SAN-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (CVE-2014-3566)
- IBM AIX: java_feb2015_advisory, java_oct2014_advisory, nettcp_advisory, openssl_advisory11 (CVE-2014-3566): Vulnerability in IBM Java SDK affects AIX
- RHSA-2014:1877: java-1.6.0-ibm security update
- RHSA-2014:1880: java-1.7.1-ibm security update
- Gentoo Linux: CVE-2014-3566: Asterisk: Multiple Vulnerabilities
- Jenkins Advisory 2014-10-15: CVE-2014-3566: Poodle vulnerability
- Java CPU January 2015 Java SE, Java SE Embedded, JRockit JSSE vulnerability (CVE-2014-3566)
- Amazon Linux AMI: Security patch for java-1.7.0-openjdk (ALAS-2015-471) (multiple CVEs)
- DSA-3053-1 openssl -- security update
- DSA-3253-1 pound -- security update
- FreeBSD: asterisk -- Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566)
- RHSA-2015:0264: Red Hat Satellite IBM Java Runtime security update
- OS X update for Secure Transport (CVE-2014-3566)
- HP iLO: CVE-2014-3566: Remote disclosure of information
- RHSA-2014:1876: java-1.7.0-ibm security update
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-426) (CVE-2014-3566)
- Sun Patch: Indexing and Search Service 1u5-29.15600_x86: core patch
- RHSA-2015:0069: java-1.8.0-openjdk security update
- Sun Patch: SunOS 5.10: openssl patch
- Oracle Linux: CVE-2014-3566: ELSA-2016-3558 - openssl security update
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-14:23.openssl) (Multiple CVEs)
- Oracle Database: Critical Patch Update - July 2017 (CVE-2014-3566)
- USN-2487-1: OpenJDK 7 vulnerabilities