Revision Date: | 2021-03-25 | Version: | 1 |
Title: | (Important) |
Description: |
This update for openssl-1_1 fixes the security issue:
CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1183852 CVE-2020-11736 CVE-2021-3449
|
Platform(s): | Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1
| Product(s): | |
Definition Synopsis |
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE is installed AND Package Information
libopenssl1_1-1.1.1d-11.20.1 is installed
OR openssl-1_1-1.1.1d-11.20.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
AND Package Information
file-roller-3.32.5-1.8 is installed
OR file-roller-lang-3.32.5-1.8 is installed
|