
SUSE-SU-2017:2981-1

Published: 10 Nov 2017
Source: suse-cvrf

Description

Security update for openssl

This update for openssl fixes the following issues:

Security issues fixed:

  • CVE-2017-3735: Malformed X.509 IPAddressFamily could cause OOB read (bsc#1056058)
  • adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908)
  • out of bounds read+crash in DES_fcrypt (bsc#1065363)
  • DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825)
  • Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592)

Bug fixes:

  • support alternate root ca chains (bsc#1032261)

Package list

SUSE Linux Enterprise Server 12 SP1-LTSS:

  • libopenssl1_0_0-1.0.1i-54.8.1
  • libopenssl1_0_0-32bit-1.0.1i-54.8.1
  • libopenssl1_0_0-hmac-1.0.1i-54.8.1
  • libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1
  • openssl-1.0.1i-54.8.1
  • openssl-doc-1.0.1i-54.8.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1:

  • libopenssl1_0_0-1.0.1i-54.8.1
  • libopenssl1_0_0-32bit-1.0.1i-54.8.1
  • libopenssl1_0_0-hmac-1.0.1i-54.8.1
  • libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1
  • openssl-1.0.1i-54.8.1
  • openssl-doc-1.0.1i-54.8.1

SUSE OpenStack Cloud 6:

  • libopenssl1_0_0-1.0.1i-54.8.1
  • libopenssl1_0_0-32bit-1.0.1i-54.8.1
  • libopenssl1_0_0-hmac-1.0.1i-54.8.1
  • libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1
  • openssl-1.0.1i-54.8.1
  • openssl-doc-1.0.1i-54.8.1

Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.


Affected products
SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1
