Oval Definition:oval:org.mitre.oval:def:25900
Revision Date:2014-09-08Version:5
Title:SUSE-SU-2013:0554-1 -- Security update for OpenSSL
Description:OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack bydisabling SSL compression by default. Setting theenvironment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"enables compression again. Please note that openssl on SUSE Linux Enterprise 10is not built with compression support. * CVE-2013-0169: Timing attacks against TLS could beused by physically local attackers to gain access totransmitted plain text or private keymaterial. This issueis also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of serviceissue was fixed.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
SUSE-SU-2013:0554-1
Platform(s):SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Server 10
Product(s):OpenSSL
Definition Synopsis
  • SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10 release section
  • Operation system section
  • SUSE Linux Enterprise Server 10 is installed
  • OR SUSE Linux Enterprise Desktop 10 is installed
  • AND Packages match section
  • openssl RPM is earlier than 0:0.9.8a-18.76.1
  • OR openssl-devel RPM is earlier than 0:0.9.8a-18.76.1
  • OR openssl-32bit RPM is earlier than 0:0.9.8a-18.76.1
  • OR openssl-devel-32bit RPM is earlier than 0:0.9.8a-18.76.1
  • SUSE Linux Enterprise Server 10 release section
  • SUSE Linux Enterprise Server 10 is installed
  • AND openssl-doc RPM is earlier than 0:0.9.8a-18.76.1
    • BACK