| Revision Date: | 2014-09-08 | Version: | 5 |
| Title: | SUSE-SU-2013:0549-2 -- Security update for OpenSSL |
| Description: | OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack bydisabling SSL compression by default. Setting theenvironment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"enables compression again. * CVE-2013-0169: Timing attacks against TLS could beused by physically local attackers to gain access totransmitted plain text or private keymaterial. This issueis also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of serviceissue was fixed. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
SUSE-SU-2013:0549-2
|
| Platform(s): | SUSE Linux Enterprise Server 10
| Product(s): | OpenSSL
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 10 is installed AND Packages match section
openssl RPM is earlier than 0:0.9.8a-18.45.69.1
OR openssl-devel RPM is earlier than 0:0.9.8a-18.45.69.1
OR openssl-doc RPM is earlier than 0:0.9.8a-18.45.69.1
OR openssl-32bit RPM is earlier than 0:0.9.8a-18.45.69.1
OR openssl-devel-32bit RPM is earlier than 0:0.9.8a-18.45.69.1
|