Oval Definition: oval:org.opensuse.security:def:55585
Revision Date: 2020-12-01
Version: 1
Title: Security update for openssl (Moderate)
Description:



OpenSSL was updated to fix security issues and also provide FIPS compliance.

Security issues fixed:

CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.

CVE-2014-3571: Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.

CVE-2014-3572: No longer accept a handshake using ephemeral ECDH ciphersuites with the server key exchange message omitted.

CVE-2014-8275: Fixed various certificate fingerprint issues.

CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites.

CVE-2015-0205: Fix to prevent use of DH client certificates without sending certificate verify message.

CVE-2015-0206: A memory leak could have occurred in dtls1_buffer_record.

Bugfixes:

- Do not advertise curves we don't support (bsc#906878)

FIPS changes:

- Make RSA2 key generation FIPS 186-4 compliant (bsc#901902)

- X9.31 rand method is not allowed in FIPS mode.

- Do not allow dynamic ENGINEs loading in FIPS mode.

- Added a locking hack which prevents hangs in FIPS mode (bsc#895129)

- In non-FIPS RSA key generation, mirror the maximum and minimum limiters from FIPS RSA generation to meet Common Criteria and BSI TR requirements on minimum and maximum distances between p and q. (bsc#908362)

- Do constant reseeding from /dev/urandom; for every random byte pulled, seed with one byte from /dev/urandom, also change RAND_poll to pull the full state size of the SSLEAY DRBG to fulfil Common Criteria requirements. (bsc#908372)

FIPS mode can be enabled by either using the environment variable OPENSSL_FORCE_FIPS_MODE=1 or supplying the 'fips=1' parameter on the kernel boot command line.
Family: unix
Class: patch
Status:
Reference(s): 1000677
1001912
1004499
1005878
1019334
1019611
1021641
1022085
1022103
1022271
1040109
1040112
1040113
1040115
1068032
1068101
1099590
1113455
1123755
1124223
1124937
1127153
1131060
1146569
1146571
1146572
1146702
821818
831299
855676
859055
861847
895129
901902
906878
908362
908372
912014
912015
912018
912292
912293
912294
912296
933109
936058
936062
962189
977333
977374
977376
977381
977386
CVE-2010-1674
CVE-2010-1675
CVE-2013-2116
CVE-2013-4242
CVE-2014-1477
CVE-2014-1479
CVE-2014-1480
CVE-2014-1481
CVE-2014-1482
CVE-2014-1483
CVE-2014-1484
CVE-2014-1485
CVE-2014-1486
CVE-2014-1487
CVE-2014-1488
CVE-2014-1489
CVE-2014-1490
CVE-2014-1491
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-3591
CVE-2014-8275
CVE-2015-0204
CVE-2015-0205
CVE-2015-0206
CVE-2015-0837
CVE-2015-0848
CVE-2015-4588
CVE-2015-4695
CVE-2015-4696
CVE-2015-8704
CVE-2016-2108
CVE-2016-2805
CVE-2016-2807
CVE-2016-2808
CVE-2016-2814
CVE-2016-7056
CVE-2016-8610
CVE-2017-3731
CVE-2017-5225
CVE-2017-5715
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
CVE-2017-9111
CVE-2017-9112
CVE-2017-9113
CVE-2017-9115
CVE-2018-18444
CVE-2019-15142
CVE-2019-15143
CVE-2019-15144
CVE-2019-15145
CVE-2019-3880
CVE-2019-6212
CVE-2019-6215
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6229
CVE-2019-6233
CVE-2019-6234
SUSE-SU-2015:1378-1
SUSE-SU-2016:0180-1
SUSE-SU-2016:1258-1
SUSE-SU-2017:0453-1
SUSE-SU-2017:0461-1
SUSE-SU-2017:3213-1
SUSE-SU-2018:0056-1
SUSE-SU-2019:0511-1
SUSE-SU-2019:1037-1
SUSE-SU-2019:1962-1
SUSE-SU-2019:2444-1
Platform(s): openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaThunderbird-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-common-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-other-52.7-lp150.2 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND enigmail-2.0.11-31 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • gnutls-2.4.1-24.39.47 is installed
  • OR libgnutls26-2.4.1-24.39.47 is installed
  • OR libgnutls26-32bit-2.4.1-24.39.47 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-24.3.0esr-0.8 is installed
  • OR MozillaFirefox-branding-SLED-24-0.7 is installed
  • OR MozillaFirefox-translations-24.3.0esr-0.8 is installed
  • OR libfreebl3-3.15.4-0.7 is installed
  • OR libfreebl3-32bit-3.15.4-0.7 is installed
  • OR libsoftokn3-3.15.4-0.7 is installed
  • OR libsoftokn3-32bit-3.15.4-0.7 is installed
  • OR mozilla-nss-3.15.4-0.7 is installed
  • OR mozilla-nss-32bit-3.15.4-0.7 is installed
  • OR mozilla-nss-tools-3.15.4-0.7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND libwmf-0.2.8.4-206.29.29 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • libopenssl1_0_0-1.0.1i-17 is installed
  • OR libopenssl1_0_0-32bit-1.0.1i-17 is installed
  • OR openssl-1.0.1i-17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libdcerpc0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr-nbt0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr-standard0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libndr0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libnetapi0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-credentials0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-errors0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-passdb0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-util0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamdb0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsmbclient0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsmbconf0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsmbldap0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libtevent-util0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libwbclient0-4.6.16+git.154.2998451b912-3.40 is installed
  • OR libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-client-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-client-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-doc-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-libs-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-libs-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-winbind-4.6.16+git.154.2998451b912-3.40 is installed
  • OR samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libgcrypt20-1.6.1-16 is installed
  • OR libgcrypt20-32bit-1.6.1-16 is installed
  • OR libgcrypt20-hmac-1.6.1-16 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • MozillaFirefox-52.5.0esr-109.9 is installed
  • OR MozillaFirefox-devel-52.5.0esr-109.9 is installed
  • OR MozillaFirefox-translations-52.5.0esr-109.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • DirectFB-1.7.1-6 is installed
  • OR lib++dfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-1.7.1-6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • postgresql96-9.6.17-3.33 is installed
  • OR postgresql96-contrib-9.6.17-3.33 is installed
  • OR postgresql96-docs-9.6.17-3.33 is installed
  • OR postgresql96-libs-9.6.17-3.33 is installed
  • OR postgresql96-plperl-9.6.17-3.33 is installed
  • OR postgresql96-plpython-9.6.17-3.33 is installed
  • OR postgresql96-pltcl-9.6.17-3.33 is installed
  • OR postgresql96-server-9.6.17-3.33 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND mailman-2.1.17-3.11 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • gnutls-3.2.15-18.6 is installed
  • OR libgnutls-openssl27-3.2.15-18.6 is installed
  • OR libgnutls28-3.2.15-18.6 is installed
  • OR libgnutls28-32bit-3.2.15-18.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libicu-doc-52.1-7 is installed
  • OR libicu52_1-52.1-7 is installed
  • OR libicu52_1-32bit-52.1-7 is installed
  • OR libicu52_1-data-52.1-7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-60.8.0-109.83 is installed
  • OR MozillaFirefox-translations-common-60.8.0-109.83 is installed
  • OR libfreebl3-3.44.1-58.28 is installed
  • OR libfreebl3-32bit-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-3.44.1-58.28 is installed
  • OR libsoftokn3-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-3.44.1-58.28 is installed
  • OR mozilla-nss-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-tools-3.44.1-58.28 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • ghostscript-9.27-23.28 is installed
  • OR ghostscript-x11-9.27-23.28 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • curl-7.37.0-37.31 is installed
  • OR libcurl4-7.37.0-37.31 is installed
  • OR libcurl4-32bit-7.37.0-37.31 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND ipsec-tools-0.8.0-19.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • qemu-2.3.1-33.6 is installed
  • OR qemu-block-curl-2.3.1-33.6 is installed
  • OR qemu-block-rbd-2.3.1-33.6 is installed
  • OR qemu-guest-agent-2.3.1-33.6 is installed
  • OR qemu-ipxe-1.0.0-33.6 is installed
  • OR qemu-kvm-2.3.1-33.6 is installed
  • OR qemu-lang-2.3.1-33.6 is installed
  • OR qemu-seabios-1.8.1-33.6 is installed
  • OR qemu-sgabios-8-33.6 is installed
  • OR qemu-tools-2.3.1-33.6 is installed
  • OR qemu-vgabios-1.8.1-33.6 is installed
  • OR qemu-x86-2.3.1-33.6 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-oslo.middleware-3.19.0-3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ansible-2.4.6.0-3.6 is installed