Description
Security update for openssl1
This update for openssl1 fixes the following issues:
Security issues fixed:
- CVE-2017-3735: Malformed X.509 IPAddressFamily could cause OOB read (bsc#1056058)
- adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908)
- out of bounds read+crash in DES_fcrypt (bsc#1065363)
- DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825)
- Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592)
Bug fixes:
- support alternate root CA chains (bsc#1032261)
- Require openssl1, so c_rehash1 is available during %post to hash the certificates (bsc#1057660)
Package list
SUSE Linux Enterprise Server 11-SECURITY
libopenssl1-devel-1.0.1g-0.58.3.1
libopenssl1_0_0-1.0.1g-0.58.3.1
libopenssl1_0_0-32bit-1.0.1g-0.58.3.1
libopenssl1_0_0-x86-1.0.1g-0.58.3.1
openssl1-1.0.1g-0.58.3.1
openssl1-doc-1.0.1g-0.58.3.1
References
- Link for SUSE-SU-2017:2968-1
- E-Mail link for SUSE-SU-2017:2968-1
- SUSE Security Ratings
- SUSE Bug 1027908
- SUSE Bug 1032261
- SUSE Bug 1055825
- SUSE Bug 1056058
- SUSE Bug 1057660
- SUSE Bug 1065363
- SUSE Bug 990592
- SUSE CVE CVE-2017-3735 page
Description
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Affected products
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.58.3.1
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.58.3.1
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.58.3.1
SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.58.3.1
References
- CVE-2017-3735
- SUSE Bug 1056058