Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

openSUSE Leap 42.1: 2016:2537-1 High Severity OpenSSL DoS Threat

opensuse
Calendar Grey October 14, 2016
Dist Opensuse Esm H88
openSUSE Security Update: Security update for compat-openssl098 ____________________________________
An update that solves 10 vulnerabilities and has four fixes is now available.

Description

This update for compat-openssl098 fixes the following issues:

OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)

Severity: High

* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

(bsc#999666)

Severity: Low

* Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)

* Constant time flag not preserved in DSA signing (CVE-2016-2178)

(bsc#983249)

* DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)

* DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)

* OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)

* Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)

(bsc#995359)

* Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)

* OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)

* Certificate message OOB reads (CVE-2016-6306) (bsc#999668)

More information can be found on:

https://openssl-library.org/news/secadv/20160922.txt

Bugs fixed:

* update...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-1189=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (i586 x86_64):

compat-openssl098-debugsource-0.9.8j-15.1

libopenssl0_9_8-0.9.8j-15.1

libopenssl0_9_8-debuginfo-0.9.8j-15.1

- openSUSE Leap 42.1 (x86_64):

libopenssl0_9_8-32bit-0.9.8j-15.1

libopenssl0_9_8-debuginfo-32bit-0.9.8j-15.1

References

https://www.suse.com/security/cve/CVE-2016-2177.html

https://www.suse.com/security/cve/CVE-2016-2178.html

https://www.suse.com/security/cve/CVE-2016-2179.html

https://www.suse.com/security/cve/CVE-2016-2181.html

https://www.suse.com/security/cve/CVE-2016-2182.html

https://www.suse.com/security/cve/CVE-2016-2183.html

https://www.suse.com/security/cve/CVE-2016-6302.html

https://www.suse.com/security/cve/CVE-2016-6303.html

https://www.suse.com/security/cve/CVE-2016-6304.html

https://www.suse.com/security/cve/CVE-2016-6306.html

https://bugzilla.suse.com/979475

https://bugzilla.suse.com/982575

https://bugzilla.suse.com/983249

https://bugzilla.suse.com/993819

https://bugzilla.suse.com/994749

https://bugzilla.suse.com/994844

https://bugzilla.suse.com/995075

https://bugzilla.suse.com/995324

https://bugzilla.suse.com/995359

https://bugzilla.suse.com/995377

https://bugzilla.suse.com/998190

https://bugzilla.suse.com/999665

https://bugzilla.suse.com/999666

https://bugzilla.suse.com/999668

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:2537-1
Rating: important
Affected Products: openSUSE Leap 42.1 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.