* CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.
* CVE-2014-3571 (bsc#912294): Fixed a crash in dtls1_get_record while in the listen state, where two separate reads are performed: one for the header and one for the body of the handshake record.
* CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted.
* CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.
* CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites.
* CVE-2015-0205 (bsc#912293): A fix was added to prevent use of DH client certificates without sending a certificate verify message.
* CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-67
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-67
To bring your system up-to-date, use "zypper patch".