Oval Definition:	oval:org.opensuse.security:def:100720
Revision Date: 2021-03-25 Version: 1 Title: (Important) Description: This update for openssl-1_1 fixes the security issue: CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Family: unix Class: patch Status: Reference(s): 1183852 CVE-2020-11736 CVE-2021-3449 Platform(s): Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 Product(s): Definition Synopsis Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE is installed AND Package Information libopenssl1_1-1.1.1d-11.20.1 is installed OR openssl-1_1-1.1.1d-11.20.1 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed AND Package Information file-roller-3.32.5-1.8 is installed OR file-roller-lang-3.32.5-1.8 is installed
BACK