SUSE-SU-2017:0585-1

Published: 01 Mar 2017
Source: suse-cvrf

Description

Security update for openssl

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641).

Security issues fixed:

  • CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334)
  • CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878)
  • degrade 3DES to MEDIUM in SSL2 (bsc#1001912)
  • CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499)

Bugs fixed:

  • fix crash in openssl speed (bsc#1000677)
  • don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
libopenssl-devel-0.9.8j-0.105.1
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE Linux Enterprise Server 11 SP3-LTSS
libopenssl-devel-0.9.8j-0.105.1
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-32bit-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libopenssl-devel-0.9.8j-0.105.1
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-32bit-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE Linux Enterprise Server 11 SP4
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-32bit-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
libopenssl0_9_8-x86-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-32bit-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
libopenssl0_9_8-x86-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libopenssl-devel-0.9.8j-0.105.1
libopenssl-devel-32bit-0.9.8j-0.105.1
SUSE Manager 2.1
libopenssl-devel-0.9.8j-0.105.1
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-32bit-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE Manager Proxy 2.1
libopenssl-devel-0.9.8j-0.105.1
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-32bit-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE OpenStack Cloud 5
libopenssl-devel-0.9.8j-0.105.1
libopenssl0_9_8-0.9.8j-0.105.1
libopenssl0_9_8-32bit-0.9.8j-0.105.1
libopenssl0_9_8-hmac-0.9.8j-0.105.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
openssl-0.9.8j-0.105.1
openssl-doc-0.9.8j-0.105.1
SUSE Studio Onsite 1.3
libopenssl-devel-0.9.8j-0.105.1

Description

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.105.1

Description

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.105.1

Description

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.105.1
SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.105.1
