SUSE-SU-2013:0549-2 -- Security update for OpenSSL
Description:
OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack bydisabling SSL compression by default. Setting theenvironment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"enables compression again. * CVE-2013-0169: Timing attacks against TLS could beused by physically local attackers to gain access totransmitted plain text or private keymaterial. This issueis also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of serviceissue was fixed.