| Revision Date: | 2014-09-08 | Version: | 5 |
| Title: | SUSE-SU-2013:0549-1 -- Security update for OpenSSL |
| Description: | OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack bydisabling SSL compression by default. Setting theenvironment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"enables compression again. * CVE-2013-0169: Timing attacks against TLS could beused by physically local attackers to gain access totransmitted plain text or private keymaterial. This issueis also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of serviceissue was fixed. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
SUSE-SU-2013:0549-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Server 11
| Product(s): | OpenSSL
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section
SUSE Linux Enterprise Server 11.x is installed
OR SUSE Linux Enterprise Desktop 11.x is installed
AND Packages match section
libopenssl0_9_8 RPM is earlier than 0:0.9.8j-0.50.1
OR openssl RPM is earlier than 0:0.9.8j-0.50.1
OR libopenssl0_9_8-32bit RPM is earlier than 0:0.9.8j-0.50.1
SUSE Linux Enterprise Server 11 release section
SUSE Linux Enterprise Server 11.x is installed
AND Packages match section
libopenssl0_9_8-hmac RPM is earlier than 0:0.9.8j-0.50.1
OR openssl-doc RPM is earlier than 0:0.9.8j-0.50.1
OR libopenssl0_9_8-hmac-32bit RPM is earlier than 0:0.9.8j-0.50.1
|