OES11sp2 / OES2015 : CVE-2016-0800 DROWN cross protocol attack on TLS using SSLv2

  • 7017338
  • 08-Mar-2016
  • 09-Mar-2016

Environment

Novell Open Enterprise Server 2015 (OES 2015)
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2

Situation

CVE-2016-0800 DROWN cross protocol attack on TLS using SSLv2

Resolution

The following updates are available to resolve this vulnerability:

OE11sp2
https://download.novell.com/Download?buildid=LrnXG8PC71s~

zypper lp --cve=CVE-2016-0800
Refreshing service 'nu_novell_com'.
Loading repository data...
Reading installed packages...

Issue | No.           | Patch                  | Category | Status
------+---------------+------------------------+----------+-------
cve   | CVE-2016-0800 | oes11sp2-openssl-10870 | security | needed

to install:
zypper patch --cve=CVE-2016-0800
 
zypper lp --cve=CVE-2016-0800
Refreshing service 'nu_novell_com'.
Loading repository data...
Reading installed packages...

Issue | No.           | Patch                 | Category | Status
------+---------------+-----------------------+----------+-------
cve   | CVE-2016-0800 | oes2015-openssl-10869 | security | needed

to install:
zypper patch --cve=CVE-2016-0800

Cause

Status

Security Alert

Feedback service temporarily unavailable. For content questions or problems, please contact Support.