Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2015:10150

Overview

Id SUSE-2015:10150
Name Novell SUSE 2015:10150 libopenssl-devel security update for SLE 11 SP3 i586
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 12 Jan 2015 12:00:00

SUSE-2015:10150

Novell SUSE 2015:10150 libopenssl-devel security update for SLE 11 SP3 i586

Vendor Name

novell

Product

Novell

Released On

12 Jan 2015 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv_20150108.txt . The following issues have been fixed: * CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. (bsc#912296) * CVE-2014-3571: Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. (bsc#912294) * CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015) * CVE-2014-8275: Fix various certificate fingerprint issues. (bsc#912018) * CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014) * CVE-2015-0205: OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping of certificate verify message for sign only certificates anyway. (bsc#912293) Security Issues: * CVE-2014-8275 * CVE-2014-3571 * CVE-2015-0204 * CVE-2014-3572 * CVE-2014-3570 * CVE-2015-0205

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches


Last Updated: 27 May 2016 11:20:35