Описание
Recommended update for compat-openssl098
This update of compat-openssl098 fixes a regression problem when loading DSA keys from disk caused by the security fix for CVE-2015-0287. (bsc#937492)
Список пакетов
SUSE Linux Enterprise Desktop 12
libopenssl0_9_8-0.9.8j-81.1
libopenssl0_9_8-32bit-0.9.8j-81.1
SUSE Linux Enterprise Module for Legacy 12
libopenssl0_9_8-0.9.8j-81.1
libopenssl0_9_8-32bit-0.9.8j-81.1
Ссылки
- Link for SUSE-RU-2015:1411-1
- E-Mail link for SUSE-RU-2015:1411-1
- SUSE Security Ratings
- SUSE Bug 937492
- SUSE CVE CVE-2015-0287 page
Описание
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-81.1
SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-81.1
SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-81.1
SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-81.1
Ссылки
- CVE-2015-0287
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922499
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 968888
- SUSE Bug 991722