
SUSE 11 SP2: 2015:1182-1 Important OpenSSL Security Update

July 3, 2015
The SUSE Security Update for OpenSSL resolves various vulnerabilities and implements important corrections. Ensure you upgrade immediately.
An update that solves 7 vulnerabilities and has two fixes is now...

Summary

OpenSSL 0.9.8k was updated to fix several security issues.

* CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
* CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
* CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
* CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
* CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.
* CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
* CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.
* Fixed a timing side channel in RSA decryption (bnc#929678)

Additional changes:

References

#879179 #929678 #931698 #933898 #933911 #934487 #934489 #934491 #934493

Cross-References: CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000

Affected Products:

SUSE Studio Onsite 1.3

SUSE Manager 1.7 for SLE 11 SP2

https://www.suse.com/security/cve/CVE-2015-1788.html

https://www.suse.com/security/cve/CVE-2015-1789.html

https://www.suse.com/security/cve/CVE-2015-1790.html

https://www.suse.com/security/cve/CVE-2015-1791.html

https://www.suse.com/security/cve/CVE-2015-1792.html

https://www.suse.com/security/cve/CVE-2015-3216.html

https://www.suse.com/security/cve/CVE-2015-4000.html

https://bugzilla.suse.com/show_bug.cgi?id=879179

https://bugzilla.suse.com/show_bug.cgi?id=929678

Severity
important

Announcement ID: SUSE-SU-2015:1182-1
Rating: important
