| Revision Date: | 2014-09-08 | Version: | 6 |
| Title: | SUSE-SU-2013:0549-3 -- Security update for OpenSSL |
| Description: | OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack bydisabling SSL compression by default. Setting theenvironment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"enables compression again. * CVE-2013-0169: Timing attacks against TLS could beused by physically local attackers to gain access totransmitted plain text or private keymaterial. This issueis also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of serviceissue was fixed. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
SUSE-SU-2013:0549-3
|
| Platform(s): | SUSE Linux Enterprise Server 11
| Product(s): | OpenSSL
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 11.x is installed AND Packages match section
libopenssl0_9_8 RPM is earlier than 0:0.9.8j-0.50.1
OR libopenssl0_9_8-hmac RPM is earlier than 0:0.9.8j-0.50.1
OR openssl RPM is earlier than 0:0.9.8j-0.50.1
OR openssl-doc RPM is earlier than 0:0.9.8j-0.50.1
OR libopenssl0_9_8-32bit RPM is earlier than 0:0.9.8j-0.50.1
OR libopenssl0_9_8-hmac-32bit RPM is earlier than 0:0.9.8j-0.50.1
|