Oval Definition: oval:org.opensuse.security:def:78251
Revision Date: 2015-02-04
Version: 1
Title: Security update for compat-openssl098 (Moderate)
Description:



The openssl 0.9.8j compatibility package was updated to fix several security vulnerabilities:

CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64.

CVE-2014-3571: Fix a crash in dtls1_get_record while in the listen state, where two separate reads are performed: one for the header and one for the body of the handshake record.

CVE-2014-3572: Do not accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted.

CVE-2014-8275: Fixed various certificate fingerprint issues.

CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites.

CVE-2015-0205: OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205, as it doesn't support DH certificates, and this typo prohibits skipping of the certificate verify message for sign-only certificates anyway. (This patch only fixes the wrong condition.)

This update also fixes a regression caused by CVE-2014-0224.patch (bnc#892403).
Family: unix
Class: patch
Status:
Reference(s): 892403
912014
912015
912018
912293
912294
912296
CVE-2014-0224
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
CVE-2015-0205
SUSE-SU-2015:0305-1
Platform(s): SUSE Linux Enterprise Desktop 12
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • libopenssl0_9_8-0.9.8j-70.2 is installed
  • OR libopenssl0_9_8-32bit-0.9.8j-70.2 is installed