Описание
Security update for compat-openssl098
This update for compat-openssl098 fixes the following issues:
Security issue fixed:;
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812)
Non security issue fixed:
- Prevent segfault in s_client with invalid options (bsc#952099)
Список пакетов
SUSE Linux Enterprise Desktop 12
libopenssl0_9_8-0.9.8j-87.1
libopenssl0_9_8-32bit-0.9.8j-87.1
SUSE Linux Enterprise Desktop 12 SP1
libopenssl0_9_8-0.9.8j-87.1
libopenssl0_9_8-32bit-0.9.8j-87.1
SUSE Linux Enterprise Module for Legacy 12
libopenssl0_9_8-0.9.8j-87.1
libopenssl0_9_8-32bit-0.9.8j-87.1
Ссылки
- Link for SUSE-SU-2015:2342-1
- E-Mail link for SUSE-SU-2015:2342-1
- SUSE Security Ratings
- SUSE Bug 952099
- SUSE Bug 957812
- SUSE CVE CVE-2015-3195 page
Описание
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-87.1
SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-87.1
SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-87.1
SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-87.1
Ссылки
- CVE-2015-3195
- SUSE Bug 923755
- SUSE Bug 957812
- SUSE Bug 957815
- SUSE Bug 958768
- SUSE Bug 963977
- SUSE Bug 986238