Description
Security update for compat-openssl097g
This update for compat-openssl097g fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641).
Security issues fixed:
- CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878)
- degrade 3DES to MEDIUM in SSL2 (bsc#1001912)
- CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499)
Bugs fixed:
- fix crash in openssl speed (bsc#1000677)
- resume reading from /dev/urandom when interrupted by a signal (bsc#995075)
- fix crash in print_notice (bsc#998190)
Package list
SUSE Linux Enterprise Server for SAP Applications 11 SP4
References
- Link for SUSE-SU-2017:0601-1
- E-Mail link for SUSE-SU-2017:0601-1
- SUSE Security Ratings
- SUSE Bug 1000677
- SUSE Bug 1001912
- SUSE Bug 1004499
- SUSE Bug 1005878
- SUSE Bug 1021641
- SUSE Bug 995075
- SUSE Bug 998190
- SUSE CVE CVE-2016-2108 page
- SUSE CVE CVE-2016-8610 page
Description
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
Affected products
References
- CVE-2016-2108
- SUSE Bug 1001502
- SUSE Bug 1004499
- SUSE Bug 1005878
- SUSE Bug 1148697
- SUSE Bug 977584
- SUSE Bug 977617
- SUSE Bug 978492
- SUSE Bug 989345
- SUSE Bug 996067
Description
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Affected products
References
- CVE-2016-8610
- SUSE Bug 1005878
- SUSE Bug 1005879
- SUSE Bug 1110018
- SUSE Bug 1120592
- SUSE Bug 1126909
- SUSE Bug 1148697
- SUSE Bug 982575