This article applies to all Check Point software products, unless stated otherwise for a specific CVE.
Note: This article does not list all the known CVEs for OpenSSL - only those that were explicitly checked by Check Point.
- Either Check Point does not use the vulnerable code.
- Or Check Point does not have this code in released versions.
- Or Check Point changed the code in such a way that this vulnerability does not apply anymore.
- The issue is not relevant to Check Point code (the affected code does not exist or is not used in Check Point software).
- The issue was relevant to Check Point code and Check Point has already fixed it.
- The issue exists in Check Point code.
How to check the version of the installed OpenSSL package:
[Expert@HostName:0]# rpm -qa | grep openssl
[Expert@MGMT:0]# rpm -qa | grep openssl
How to check which CVEs were fixed in the installed OpenSSL package:
[Expert@HostName:0]# rpm -q --changelog $(rpm -qa | grep openssl) | grep CVE
[Expert@MGMT:0]# rpm -q --changelog $(rpm -qa | grep openssl) | grep CVE
- fix CVE-2007-3108 - side channel attack on private keys (#322891)
- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309871)
- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321211)
- CVE-2006-2940 fix was incorrect (#208744)
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
- This SK replaces sk101171
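
The changelog check above can be scripted to look up specific CVE IDs. The following is an added example, not Check Point's own code; the helper names cve_status and audit_cves, the embedded sample lines (constructed in the output format shown above) and the placeholder ID CVE-0000-0000 are assumptions. It separates "fix CVE-..." entries from lines that only mention an ID, such as "CVE-2006-2940 fix was incorrect", which a plain grep for CVE prints alike.

```bash
#!/bin/bash
# Added example: classify CVE IDs against RPM changelog text.

# Constructed sample, in the changelog format shown in the article.
SAMPLE_CHANGELOG='- fix CVE-2007-3108 - side channel attack on private keys (#322891)
- CVE-2006-2940 fix was incorrect (#208744)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)'

# cve_status CHANGELOG_TEXT CVE_ID  (hypothetical helper)
#   fixed     - a "fix <ID>" entry exists
#   mentioned - the ID appears, but never as "fix <ID>"
#   absent    - the ID does not appear at all
cve_status() {
    local log="$1" id="$2"
    # -F: literal match; -w: CVE-2006-294 must not match CVE-2006-2940
    if printf '%s\n' "$log" | grep -Fw -- "fix $id" >/dev/null; then
        echo fixed
    elif printf '%s\n' "$log" | grep -Fw -- "$id" >/dev/null; then
        echo mentioned
    else
        echo absent
    fi
}

# audit_cves CHANGELOG_TEXT CVE_ID...  (hypothetical helper)
# Prints one "ID status" line per CVE; returns 1 unless all are "fixed".
audit_cves() {
    local log="$1" id status rc=0
    shift
    for id in "$@"; do
        status=$(cve_status "$log" "$id")
        printf '%-16s %s\n' "$id" "$status"
        [ "$status" = fixed ] || rc=1
    done
    return "$rc"
}

# Demo on the sample; CVE-0000-0000 is a placeholder ID, not a real CVE.
audit_cves "$SAMPLE_CHANGELOG" CVE-2007-3108 CVE-2006-2940 CVE-0000-0000 \
    || echo "at least one requested CVE has no fix entry"

# On a live system, feed the article's command output instead:
#   audit_cves "$(rpm -q --changelog $(rpm -qa | grep openssl))" CVE-2007-3108
```

A "mentioned" result means the changelog entry has to be read by hand, since changelog wording varies between packages.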