Explore top 10 tips to secure your open-source projects now. Read More
×
This update for openssl fixes the following issues: - OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for
#1071905 #1071906
Cross- CVE-2017-3737 CVE-2017-3738
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
SUSE Container as a Service Platform ALL
OpenStack Cloud Magnum Orchestration 7
https://www.suse.com/security/cve/CVE-2017-3737.html
https://www.suse.com/security/cve/CVE-2017-3738.html
https://bugzilla.suse.com/1071905
https://bugzilla.suse.com/1071906
Get the latest Linux and open source security news straight to your inbox.