Bugzilla – Bug 957984
VUL-0: CVE-2015-1794: openssl: 1.0.2 only: Anon DH ServerKeyExchange with 0 p parameter
Last modified: 2015-12-05 11:13:20 UTC
https://www.openssl.org/news/secadv/20151203.txt

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)
============================================================

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.
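A client-side sanity check for the parameters the advisory describes, as an added example (not OpenSSL's code and not its fix): it parses an anonymous-DH ServerKeyExchange body, which is dh_p, dh_g and dh_Ys as length-prefixed big-endian integers, and rejects p = 0 before any arithmetic is attempted. All function and type names are hypothetical, and the sample messages are constructed toy values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One TLS opaque<1..2^16-1> integer, leading zero bytes stripped. */
struct bn { const uint8_t *d; size_t len; };
enum dh_check { DH_OK, DH_MALFORMED, DH_P_ZERO, DH_P_EVEN, DH_G_RANGE, DH_YS_RANGE };

/* Read a 2-byte big-endian length plus that many bytes; 0 on success. */
static int read_bn(const uint8_t **cur, const uint8_t *end, struct bn *f) {
    if (end - *cur < 2) return -1;
    size_t n = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    *cur += 2;
    if (n == 0 || (size_t)(end - *cur) < n) return -1;
    f->d = *cur; f->len = n; *cur += n;
    while (f->len > 0 && f->d[0] == 0) { f->d++; f->len--; }  /* canonical form */
    return 0;
}

/* Compare two stripped big-endian integers: <0, 0 or >0. */
static int cmp_bn(const struct bn *a, const struct bn *b) {
    if (a->len != b->len) return a->len < b->len ? -1 : 1;
    return a->len ? memcmp(a->d, b->d, a->len) : 0;
}

/* Validate the body of an anonymous-DH ServerKeyExchange: dh_p, dh_g, dh_Ys. */
enum dh_check check_server_dh_params(const uint8_t *msg, size_t len) {
    static const uint8_t one_byte[] = { 1 };
    const struct bn one = { one_byte, 1 };
    const uint8_t *cur = msg, *end = msg + len;
    struct bn p, g, ys;
    if (read_bn(&cur, end, &p) || read_bn(&cur, end, &g) ||
        read_bn(&cur, end, &ys) || cur != end) return DH_MALFORMED;
    if (p.len == 0) return DH_P_ZERO;                 /* the case in the advisory */
    if ((p.d[p.len - 1] & 1) == 0) return DH_P_EVEN;  /* a usable DH prime is odd */
    if (cmp_bn(&g, &one) <= 0 || cmp_bn(&g, &p) >= 0) return DH_G_RANGE;   /* 1 < g < p */
    if (cmp_bn(&ys, &one) <= 0 || cmp_bn(&ys, &p) >= 0) return DH_YS_RANGE; /* 1 < Ys < p */
    return DH_OK;
}

/* Constructed sample bodies (toy sizes): p=0, and p=23 with g=5, Ys=8. */
static const uint8_t ske_zero_p[] = { 0,1,0x00, 0,1,0x05, 0,1,0x08 };
static const uint8_t ske_toy_ok[] = { 0,1,0x17, 0,1,0x05, 0,1,0x08 };

int main(void) {
    printf("p=0: %d, p=23: %d\n",
           check_server_dh_params(ske_zero_p, sizeof ske_zero_p),
           check_server_dh_params(ske_toy_ok, sizeof ske_toy_ok));
    return 0;
}
```

The check only covers structural sanity; it does not test primality or group size, so it complements rather than replaces upgrading to 1.0.2e.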
bugbot adjusting priority
Packages submitted. Reassigning to security team.
This is an autogenerated message for OBS integration: This bug (957984) was mentioned in https://build.opensuse.org/request/show/347504 Factory / openssl
done