Описание
Recommended update for openssl1
This openssl update fixes a regression caused by the patch for CVE-2015-0287, which could cause DSA keys not be correctly loaded from disk. (bsc#937492)
Список пакетов
SUSE Linux Enterprise Server 11-SECURITY
libopenssl1-devel-1.0.1g-0.32.1
libopenssl1_0_0-1.0.1g-0.32.1
libopenssl1_0_0-32bit-1.0.1g-0.32.1
libopenssl1_0_0-x86-1.0.1g-0.32.1
openssl1-1.0.1g-0.32.1
openssl1-doc-1.0.1g-0.32.1
Ссылки
- Link for SUSE-RU-2015:1412-1
- E-Mail link for SUSE-RU-2015:1412-1
- SUSE Security Ratings
- SUSE Bug 937492
- SUSE CVE CVE-2015-0287 page
Описание
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Затронутые продукты
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.32.1
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.32.1
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.32.1
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.32.1
Ссылки
- CVE-2015-0287
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922499
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 968888
- SUSE Bug 991722