Описание
Recommended update for compat-openssl097g
The compat-openssl097g package was updated to fix a regression in the security patch for CVE-2015-0287 that broke loading DSA keys from file. (bsc#937492)
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
compat-openssl097g-0.9.7g-146.22.33.1
compat-openssl097g-32bit-0.9.7g-146.22.33.1
SUSE Linux Enterprise Desktop 11 SP4
compat-openssl097g-0.9.7g-146.22.33.1
compat-openssl097g-32bit-0.9.7g-146.22.33.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
compat-openssl097g-0.9.7g-146.22.33.1
compat-openssl097g-32bit-0.9.7g-146.22.33.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
compat-openssl097g-0.9.7g-146.22.33.1
compat-openssl097g-32bit-0.9.7g-146.22.33.1
Ссылки
- Link for SUSE-RU-2015:1477-1
- E-Mail link for SUSE-RU-2015:1477-1
- SUSE Security Ratings
- SUSE Bug 937492
- SUSE CVE CVE-2015-0287 page
Описание
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:compat-openssl097g-0.9.7g-146.22.33.1
SUSE Linux Enterprise Desktop 11 SP3:compat-openssl097g-32bit-0.9.7g-146.22.33.1
SUSE Linux Enterprise Desktop 11 SP4:compat-openssl097g-0.9.7g-146.22.33.1
SUSE Linux Enterprise Desktop 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.33.1
Ссылки
- CVE-2015-0287
- SUSE Bug 912014
- SUSE Bug 919648
- SUSE Bug 922499
- SUSE Bug 936586
- SUSE Bug 937891
- SUSE Bug 968888
- SUSE Bug 991722