Bugzilla – Bug 1097158
VUL-0: CVE-2018-0732: openssl1,openssl,compat-openssl098: Reject excessively large primes in DH key generation.
Last modified: 2022-02-16 20:53:49 UTC
CVE-2018-0732 from openssl git: commit 3984ef0b72831da8b3ece4745cac4f8575b19098 Author: Guido Vranken <guidovranken@gmail.com> Date: Mon Jun 11 19:38:54 2018 +0200 Reject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken <guidovranken@gmail.com> (cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6457) References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0732
OpenSSL Security Advisory [12 June 2018] ======================================== Client DoS due to large DH parameter (CVE-2018-0732) ==================================================== Severity: Low During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i and OpenSSL 1.0.2p when they become available. The fix is also available in commit ea7abeeab (for 1.1.0) and commit 3984ef0b7 (for 1.0.2) in the OpenSSL git repository. This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken who also developed the fix. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20180612.txt
Also affects libressl in openSUSE: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt * Reject excessively large primes in DH key generation. Problem reported by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff.
SUSE-SU-2018:1887-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: SUSE OpenStack Cloud 7 (src): openssl-1.0.2j-60.30.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): openssl-1.0.2j-60.30.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): openssl-1.0.2j-60.30.1 SUSE Linux Enterprise Server 12-SP3 (src): openssl-1.0.2j-60.30.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): openssl-1.0.2j-60.30.1 SUSE Linux Enterprise Desktop 12-SP3 (src): openssl-1.0.2j-60.30.1 SUSE Enterprise Storage 4 (src): openssl-1.0.2j-60.30.1 SUSE CaaS Platform ALL (src): openssl-1.0.2j-60.30.1 OpenStack Cloud Magnum Orchestration 7 (src): openssl-1.0.2j-60.30.1
openSUSE-SU-2018:1906-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: openSUSE Leap 42.3 (src): openssl-1.0.2j-25.1
SUSE-SU-2018:1968-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): openssl-1.0.1i-54.14.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): openssl-1.0.1i-54.14.1
SUSE-SU-2018:2036-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): openssl-1_1-1.1.0h-4.3.1
SUSE-SU-2018:2041-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: SUSE Linux Enterprise Module for Legacy Software 15 (src): openssl-1_0_0-1.0.2n-3.3.1
openSUSE-SU-2018:2117-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: openSUSE Leap 15.0 (src): openssl-1_1-1.1.0h-lp150.3.3.1
openSUSE-SU-2018:2129-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: openSUSE Leap 15.0 (src): openssl-1_0_0-1.0.2n-lp150.2.3.1
SUSE-SU-2018:2207-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: SUSE Studio Onsite 1.3 (src): openssl-0.9.8j-0.106.12.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): openssl-0.9.8j-0.106.12.1 SUSE Linux Enterprise Server 11-SP4 (src): openssl-0.9.8j-0.106.12.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): openssl-0.9.8j-0.106.12.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): openssl-0.9.8j-0.106.12.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): openssl-0.9.8j-0.106.12.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): openssl-0.9.8j-0.106.12.1
This is an autogenerated message for OBS integration: This bug (1097158) was mentioned in https://build.opensuse.org/request/show/629239 Factory / openssl-1_1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-08-29. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64102
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-08-29. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64106
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-08-29. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64108
This is an autogenerated message for OBS integration: This bug (1097158) was mentioned in https://build.opensuse.org/request/show/630497 Factory / nodejs6 https://build.opensuse.org/request/show/630498 Factory / nodejs8
SUSE-SU-2018:2449-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: SUSE CaaS Platform 3.0 (src): openssl-1.0.2j-60.34.1
SUSE-SU-2018:2534-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1065363,1087102,1097158 CVE References: CVE-2018-0732,CVE-2018-0739 Sources used: SUSE Linux Enterprise Server for SAP 11-SP4 (src): compat-openssl097g-0.9.7g-146.22.51.5.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): compat-openssl097g-0.9.7g-146.22.51.5.1
SUSE-SU-2018:2545-1: An update that solves two vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1089039,1097158,1097624,1098592 CVE References: CVE-2018-0732,CVE-2018-0737 Sources used: SUSE Linux Enterprise Server 11-SECURITY (src): openssl1-1.0.1g-0.58.12.1
SUSE-SU-2018:2647-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1082318,1091764,1097158,1097748,1105019 CVE References: CVE-2018-0732,CVE-2018-12115 Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs4-4.9.1-15.14.1 SUSE Enterprise Storage 4 (src): nodejs4-4.9.1-15.14.1
openSUSE-SU-2018:2667-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1082318,1091764,1097158,1097748,1105019 CVE References: CVE-2018-0732,CVE-2018-12115 Sources used: openSUSE Leap 42.3 (src): nodejs4-4.9.1-17.1
This is an autogenerated message for OBS integration: This bug (1097158) was mentioned in https://build.opensuse.org/request/show/634765 Factory / nodejs10
SUSE-SU-2018:2683-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1087102,1089039,1097158,1097624,1098592 CVE References: CVE-2018-0732,CVE-2018-0737,CVE-2018-0739 Sources used: SUSE Linux Enterprise Server for SAP 12-SP3 (src): compat-openssl098-0.9.8j-106.6.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): compat-openssl098-0.9.8j-106.6.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): compat-openssl098-0.9.8j-106.6.1 SUSE Linux Enterprise Module for Legacy Software 12 (src): compat-openssl098-0.9.8j-106.6.1 SUSE Linux Enterprise Desktop 12-SP3 (src): compat-openssl098-0.9.8j-106.6.1
openSUSE-SU-2018:2695-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1087102,1089039,1097158,1097624,1098592 CVE References: CVE-2018-0732,CVE-2018-0737,CVE-2018-0739 Sources used: openSUSE Leap 42.3 (src): compat-openssl098-0.9.8j-24.1
SUSE-SU-2018:2796-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1097158,1097748,1105019 CVE References: CVE-2018-0732,CVE-2018-12115 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): nodejs6-6.14.4-11.18.1 SUSE OpenStack Cloud 7 (src): nodejs6-6.14.4-11.18.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs6-6.14.4-11.18.1 SUSE Enterprise Storage 4 (src): nodejs6-6.14.4-11.18.1
SUSE-SU-2018:2812-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1097158,1097748,1105019 CVE References: CVE-2018-0732,CVE-2018-12115 Sources used: SUSE Linux Enterprise Module for Web Scripting 15 (src): nodejs8-8.11.4-3.8.2
openSUSE-SU-2018:2816-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1097158,1097748,1105019 CVE References: CVE-2018-0732,CVE-2018-12115 Sources used: openSUSE Leap 42.3 (src): nodejs6-6.14.4-15.1
openSUSE-SU-2018:2855-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1097158,1097748,1105019 CVE References: CVE-2018-0732,CVE-2018-12115 Sources used: openSUSE Leap 15.0 (src): nodejs8-8.11.4-lp150.2.6.1
SUSE-SU-2018:2956-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1097158,1101470 CVE References: CVE-2018-0732 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): openssl-1.1.0i-3.3.1, openssl-1_1-1.1.0i-4.9.2
SUSE-SU-2018:2965-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1089039,1097158,1101470,1104789,1106197 CVE References: CVE-2018-0732,CVE-2018-0737 Sources used: SUSE Linux Enterprise Module for Legacy Software 15 (src): openssl-1_0_0-1.0.2p-3.8.1
openSUSE-SU-2018:3013-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1097158,1101470 CVE References: CVE-2018-0732 Sources used: openSUSE Leap 15.0 (src): openssl-1.1.0i-lp150.2.3.1, openssl-1_1-1.1.0i-lp150.3.9.1
openSUSE-SU-2018:3015-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1089039,1097158,1101470,1104789,1106197 CVE References: CVE-2018-0732,CVE-2018-0737 Sources used: openSUSE Leap 15.0 (src): openssl-1_0_0-1.0.2p-lp150.2.6.1
This is an autogenerated message for OBS integration: This bug (1097158) was mentioned in https://build.opensuse.org/request/show/642571 42.3+Backports:SLE-12 / nodejs8
SUSE-SU-2018:1887-2: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1097158,1097624,1098592 CVE References: CVE-2018-0732 Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): openssl-1.0.2j-60.30.1
This is an autogenerated message for OBS integration: This bug (1097158) was mentioned in https://build.opensuse.org/request/show/643179 42.3 / nodejs10
done
This is an autogenerated message for OBS integration: This bug (1097158) was mentioned in https://build.opensuse.org/request/show/649577 Backports:SLE-12-SP2 / nodejs8
This is an autogenerated message for OBS integration: This bug (1097158) was mentioned in https://build.opensuse.org/request/show/662509 Factory / openssl-1_0_0
SUSE-SU-2019:1553-1: An update that solves 6 vulnerabilities and has 7 fixes is now available. Category: security (moderate) Bug References: 1089039,1097158,1097624,1098592,1101470,1104789,1106197,1110018,1113534,1113652,1117951,1127080,1131291 CVE References: CVE-2016-8610,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-5407,CVE-2019-1559 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): openssl-1.0.1i-27.34.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:14246-1: An update that fixes 118 vulnerabilities is now available. Category: security (important) Bug References: 1000036,1001652,1025108,1029377,1029902,1040164,104105,1042670,1043008,1044946,1047925,1047936,1048299,1049186,1050653,1056058,1058013,1066242,1066953,1070738,1070853,1072320,1072322,1073796,1073798,1073799,1073803,1073808,1073818,1073823,1073829,1073830,1073832,1073846,1074235,1077230,1079761,1081750,1082318,1087453,1087459,1087463,1088573,1091764,1094814,1097158,1097375,1097401,1097404,1097748,1104841,1105019,1107030,1109465,1117473,1117626,1117627,1117629,1117630,1120644,1122191,1123482,1124525,1127532,1129346,1130694,1130840,1133452,1133810,1134209,1138459,1140290,1140868,1141853,1144919,1145665,1146090,1146091,1146093,1146094,1146095,1146097,1146099,1146100,1149323,1153423,1154738,1447070,1447409,744625,744629,845955,865853,905528,917607,935856,937414,947747,948045,948602,955142,957814,957815,961254,962297,966076,966077,985201,986541,991344,998743 CVE References: CVE-2013-2882,CVE-2013-6639,CVE-2013-6640,CVE-2013-6668,CVE-2014-0224,CVE-2015-3193,CVE-2015-3194,CVE-2015-5380,CVE-2015-7384,CVE-2016-2086,CVE-2016-2178,CVE-2016-2183,CVE-2016-2216,CVE-2016-5172,CVE-2016-5325,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7099,CVE-2017-1000381,CVE-2017-10686,CVE-2017-11111,CVE-2017-11499,CVE-2017-14228,CVE-2017-14849,CVE-2017-14919,CVE-2017-15896,CVE-2017-15897,CVE-2017-17810,CVE-2017-17811,CVE-2017-17812,CVE-2017-17813,CVE-2017-17814,CVE-2017-17815,CVE-2017-17816,CVE-2017-17817,CVE-2017-17818,CVE-2017-17819,CVE-2017-17820,CVE-2017-18207,CVE-2017-3735,CVE-2017-3736,CVE-2017-3738,CVE-2018-0732,CVE-2018-1000168,CVE-2018-12115,CVE-2018-12116,CVE-2018-12121,CVE-2018-12122,CVE-2018-12123,CVE-2018-20406,CVE-2018-20852,CVE-2018-7158,CVE-2018-7159,CVE-2018-7160,CVE-2018-7161,CVE-2018-7167,CVE-2019-10160,CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11718,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-11757,CVE-2019-11758,CVE-2019-11759,CVE-2019-11760,CVE-2019-11761,CVE-2019-11762,CVE-2019-11763,CVE-2019-11764,CVE-2019-13173,CVE-2019-15903,CVE-2019-5010,CVE-2019-5737,CVE-2019-9511,CVE-2019-9512,CVE-2019-9513,CVE-2019-9514,CVE-2019-9515,CVE-2019-9516,CVE-2019-9517,CVE-2019-9518,CVE-2019-9636,CVE-2019-9811,CVE-2019-9812,CVE-2019-9947 Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): MozillaFirefox-68.2.0-78.51.4, MozillaFirefox-branding-SLED-68-21.9.8, firefox-atk-2.26.1-2.8.4, firefox-cairo-1.15.10-2.13.4, firefox-gcc5-5.3.1+r233831-14.1, firefox-gcc8-8.2.1+r264010-2.5.1, firefox-gdk-pixbuf-2.36.11-2.8.4, firefox-glib2-2.54.3-2.14.7, firefox-gtk3-3.10.9-2.15.3, firefox-harfbuzz-1.7.5-2.7.4, firefox-libffi-3.2.1.git259-2.3.3, firefox-libffi-gcc5-5.3.1+r233831-14.1, firefox-pango-1.40.14-2.7.4, mozilla-nspr-4.21-29.6.1, mozilla-nss-3.45-38.9.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available. Category: feature (moderate) Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668 CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712 JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135 Sources used: SUSE Manager Tools 12-BETA (src): venv-salt-minion-3002.2-3.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.