
SUSE: 2016:2468-1 High Severity: compat-openssl098 DoS Attack Fix

October 6, 2016
Patch for compat-openssl098 resolves various vulnerabilities and security concerns. Note: critical severity risks have been addressed.
An update that solves 10 vulnerabilities and has four fixes.

Summary

This update for compat-openssl098 fixes the following issues:

OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)

Severity: High

* OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666)

Severity: Low

* Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
* Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
* DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
* DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
* OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
* Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)
* Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
* OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)

References

#979475 #982575 #983249 #993819 #994749 #994844 #995075 #995324 #995359 #995377 #998190 #999665 #999666 #999668

Cross-References: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Module for Legacy Software 12

SUSE Linux Enterprise Desktop 12-SP1

https://www.suse.com/security/cve/CVE-2016-2177.html

https://www.suse.com/security/cve/CVE-2016-2178.html

https://www.suse.com/security/cve/CVE-2016-2179.html

https://www.suse.com/security/cve/CVE-2016-2181.html

https://www.suse.com/security/cve/CVE-2016-2182.html

https://www.suse.com/security/cve/CVE-2016-2183.html

Severity: important

Announcement ID: SUSE-SU-2016:2468-1
Rating: important
