Описание
Security update for compat-openssl097g
This update for compat-openssl097g fixes the following issues:
Security issue fixed:
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
Non-security issue fixed:
- Fixed timing vulnerability in DSA signature generation (bsc#1113742).
Список пакетов
SUSE Linux Enterprise Server for SAP Applications 11 SP4
compat-openssl097g-0.9.7g-146.22.51.8.1
compat-openssl097g-32bit-0.9.7g-146.22.51.8.1
Ссылки
- Link for SUSE-SU-2018:3994-1
- E-Mail link for SUSE-SU-2018:3994-1
- SUSE Security Ratings
- SUSE Bug 1110018
- SUSE Bug 1113742
- SUSE CVE CVE-2016-8610 page
Описание
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Затронутые продукты
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.51.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.51.8.1
Ссылки
- CVE-2016-8610
- SUSE Bug 1005878
- SUSE Bug 1005879
- SUSE Bug 1110018
- SUSE Bug 1120592
- SUSE Bug 1126909
- SUSE Bug 1148697
- SUSE Bug 982575