Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2015:10208

Overview

Id SUSE-2015:10208
Name Novell SUSE 2015:10208 compat-openssl097g security update for SLED 11 SP3 i586
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 21 Jan 2015 12:00:00

SUSE-2015:10208

Novell SUSE 2015:10208 compat-openssl097g security update for SLED 11 SP3 i586

Vendor Name

novell

Product

Novell

Released On

21 Jan 2015 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
OpenSSL (compat-openssl097g) has been updated to fix various security issues. More information can be found in the openssl advisory: http://openssl.org/news/secadv_20150108.txt . The following issues have been fixed: * CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. (bsc#912296) * CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015) * CVE-2014-8275: Fixed various certificate fingerprint issues. (bsc#912018) * CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014) * CVE-2015-0205: A fix was added to prevent use of DH client certificates without sending certificate verify message. Note that compat-openssl097g is not affected by this problem, a fix was however applied to the sources. (bsc#912293) Security Issues: * CVE-2014-3570 * CVE-2014-3572 * CVE-2014-8275 * CVE-2015-0204 * CVE-2015-0205

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches


Last Updated: 27 May 2016 11:20:35