Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 461
Alerts This Week
Warning Icon 1 461

openSUSE 13.1: Critical OpenSSL Vulnerabilities Identified in 2016

opensuse
Calendar Grey May 5, 2016
Dist Opensuse Esm H88
Urgent patches released for Fedora 29 tackling several significant vulnerabilities in libcurl. Take action to safeguard your infrastructure!
An update that solves 5 vulnerabilities and has one errata is now available.

Description

This update for openssl fixes the following issues:

- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)

- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)

- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)

- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)

- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)

- bsc#976943: Buffer overrun in ASN1_parse

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch 2016-562=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i586 x86_64):

libopenssl-devel-1.0.1k-11.87.1

libopenssl1_0_0-1.0.1k-11.87.1

libopenssl1_0_0-debuginfo-1.0.1k-11.87.1

openssl-1.0.1k-11.87.1

openssl-debuginfo-1.0.1k-11.87.1

openssl-debugsource-1.0.1k-11.87.1

- openSUSE 13.1 (x86_64):

libopenssl-devel-32bit-1.0.1k-11.87.1

libopenssl1_0_0-32bit-1.0.1k-11.87.1

libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.87.1

- openSUSE 13.1 (noarch):

openssl-doc-1.0.1k-11.87.1

References

https://www.suse.com/security/cve/CVE-2016-2105.html

https://www.suse.com/security/cve/CVE-2016-2106.html

https://www.suse.com/security/cve/CVE-2016-2107.html

https://www.suse.com/security/cve/CVE-2016-2108.html

https://www.suse.com/security/cve/CVE-2016-2109.html

https://bugzilla.suse.com/976942

https://bugzilla.suse.com/976943

https://bugzilla.suse.com/977614

https://bugzilla.suse.com/977615

https://bugzilla.suse.com/977616

https://bugzilla.suse.com/977617

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:1240-1
Rating: important
Affected Products: openSUSE 13.1 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.