Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in OpenSSL
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in OpenSSL
ID: openSUSE-SU-2015:0130-1
Distribution: SUSE
Plattformen: openSUSE 13.1, openSUSE 13.2
Datum: Fr, 23. Januar 2015, 22:42
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
Applikationen: OpenSSL

Originalnachricht

 
   openSUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0130-1
Rating:             important
References:         #911399 #912014 #912015 #912018 #912292 #912293 
                    #912294 #912296 
Cross-References:   CVE-2014-3569 CVE-2014-3570 CVE-2014-3571
                    CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
                    CVE-2015-0205 CVE-2015-0206
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:


   openssl was updated to 1.0.1k to fix various security issues and bugs.

   More information can be found in the openssl advisory:
   http://openssl.org/news/secadv_20150108.txt

   Following issues were fixed:

   * CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced
     incorrect results on some platforms, including x86_64.

   * CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in
     the listen state where you get two separate reads performed - one for
     the header and one for the body of the handshake record.

   * CVE-2014-3572 (bsc#912015): Don't accept a handshake using an
 ephemeral
     ECDH ciphersuites with the server key exchange message omitted.

   * CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.

   * CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export
     ciphersuites

   * CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client
     certificates without sending certificate verify message.

   * CVE-2015-0206 (bsc#912292): A memory leak was fixed in
     dtls1_buffer_record.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-67

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-67

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      libopenssl-devel-1.0.1k-2.16.2
      libopenssl1_0_0-1.0.1k-2.16.2
      libopenssl1_0_0-debuginfo-1.0.1k-2.16.2
      libopenssl1_0_0-hmac-1.0.1k-2.16.2
      openssl-1.0.1k-2.16.2
      openssl-debuginfo-1.0.1k-2.16.2
      openssl-debugsource-1.0.1k-2.16.2

   - openSUSE 13.2 (x86_64):

      libopenssl-devel-32bit-1.0.1k-2.16.2
      libopenssl1_0_0-32bit-1.0.1k-2.16.2
      libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.16.2
      libopenssl1_0_0-hmac-32bit-1.0.1k-2.16.2

   - openSUSE 13.2 (noarch):

      openssl-doc-1.0.1k-2.16.2

   - openSUSE 13.1 (i586 x86_64):

      libopenssl-devel-1.0.1k-11.64.2
      libopenssl1_0_0-1.0.1k-11.64.2
      libopenssl1_0_0-debuginfo-1.0.1k-11.64.2
      openssl-1.0.1k-11.64.2
      openssl-debuginfo-1.0.1k-11.64.2
      openssl-debugsource-1.0.1k-11.64.2

   - openSUSE 13.1 (x86_64):

      libopenssl-devel-32bit-1.0.1k-11.64.2
      libopenssl1_0_0-32bit-1.0.1k-11.64.2
      libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.64.2

   - openSUSE 13.1 (noarch):

      openssl-doc-1.0.1k-11.64.2


References:

   http://support.novell.com/security/cve/CVE-2014-3569.html
   http://support.novell.com/security/cve/CVE-2014-3570.html
   http://support.novell.com/security/cve/CVE-2014-3571.html
   http://support.novell.com/security/cve/CVE-2014-3572.html
   http://support.novell.com/security/cve/CVE-2014-8275.html
   http://support.novell.com/security/cve/CVE-2015-0204.html
   http://support.novell.com/security/cve/CVE-2015-0205.html
   http://support.novell.com/security/cve/CVE-2015-0206.html
   https://bugzilla.suse.com/show_bug.cgi?id=911399
   https://bugzilla.suse.com/show_bug.cgi?id=912014
   https://bugzilla.suse.com/show_bug.cgi?id=912015
   https://bugzilla.suse.com/show_bug.cgi?id=912018
   https://bugzilla.suse.com/show_bug.cgi?id=912292
   https://bugzilla.suse.com/show_bug.cgi?id=912293
   https://bugzilla.suse.com/show_bug.cgi?id=912294
   https://bugzilla.suse.com/show_bug.cgi?id=912296

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung