SUSE: 2015:1185-1 Important: OpenSSL Security Update For Issues

suse

July 3, 2015

An update that solves 7 vulnerabilities and has one errata An update that solves 7 vulnerabilities and has one errata An update that solves 7 vulnerabilities and has one errata is ...

Summary

OpenSSL 1.0.1 was updated to fix several security issues: * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. * CVE-2015-1788: Malformed ECParameters could cause an infinite loop. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. * CVE-2014-8176: Fixed an invalid free in DTLS. * Fixed a timing side channel in RSA decryption. (bsc#929678) Security Issues: * CVE-2014-8176

Topics Covered

security advisory security update OpenSSL important multiple issues SUSE Linux Enterprise patch instructions

References

#929678 #931698 #933911 #934487 #934489 #934491

#934493 #934494

Cross- CVE-2014-8176 CVE-2015-1788 CVE-2015-1789

CVE-2015-1790 CVE-2015-1791 CVE-2015-1792

CVE-2015-4000

Affected Products:

SUSE Linux Enterprise Security Module 11 SP3

https://www.suse.com/security/cve/CVE-2014-8176.html

https://www.suse.com/security/cve/CVE-2015-1788.html

https://www.suse.com/security/cve/CVE-2015-1789.html

https://www.suse.com/security/cve/CVE-2015-1790.html

https://www.suse.com/security/cve/CVE-2015-1791.html

https://www.suse.com/security/cve/CVE-2015-1792.html

https://www.suse.com/security/cve/CVE-2015-4000.html

https://bugzilla.suse.com/show_bug.cgi?id=929678

https://bugzilla.suse.com/931698

https://bugzilla.suse.com/show_bug.cgi?id=933911

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2015:1185-1

Rating: important

Topics Covered

security advisory security update OpenSSL important multiple issues SUSE Linux Enterprise patch instructions

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2015:1185-1 Important: OpenSSL Security Update For Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2015:1185-1 Important: OpenSSL Security Update For Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!