Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

SUSE-SU-2019:1608-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2019:1608-1

SUSE-SU-2019:1608-1

MEDIUM4.0

Security update for compat-openssl098

Published Jun 21, 2019

Modified 6 years ago

Fix available

Details

Description of the patch:

This update for compat-openssl098 fixes the following issues:

CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
Reject invalid EC point coordinates (bsc#1131291)
Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951)

Affected Packages

libopenssl0_9_8

SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Module for Legacy 12SUSE Linux Enterprise Server for SAP Applications 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP2

Fixed in:

0.9.8j-106.12.1

libopenssl0_9_8-32bit

SUSE Linux Enterprise Module for Legacy 12

Fixed in:

0.9.8j-106.12.1

References

https://bugzilla.suse.com/1117951

https://bugzilla.suse.com/1127080

https://bugzilla.suse.com/1131291

https://lists.suse.com/pipermail/sle-security-updates/2019-June/005602.html

https://www.suse.com/security/cve/CVE-2019-1559/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2019/suse-su-20191608-1/

CVSS Analysis

CVSS v3.0

4.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

NoneA:N

4.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Upstream

Ecosystems(7)

SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2

Timeline

PublishedJun 21, 2019

ModifiedJun 21, 2019