Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0954-1

Опубликовано: 25 мар. 2021
Источник: suse-cvrf

Описание

Security update for openssl-1_1

This update for openssl-1_1 fixes the following security issue:

  • CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

Список пакетов

Image SLES12-SP5-Azure-BYOS
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-Basic-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-HPC-BYOS
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-HPC-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-SAP-BYOS
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-SAP-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-Standard-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-EC2-BYOS
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-EC2-ECS-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-EC2-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-EC2-SAP-BYOS
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-EC2-SAP-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-GCE-BYOS
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-GCE-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-GCE-SAP-BYOS
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-GCE-SAP-On-Demand
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libopenssl1_1-1.1.1d-2.33.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libopenssl1_1-1.1.1d-2.33.1
libopenssl1_1-32bit-1.1.1d-2.33.1
openssl-1_1-1.1.1d-2.33.1
SUSE Linux Enterprise Server 12 SP5
libopenssl1_1-1.1.1d-2.33.1
libopenssl1_1-32bit-1.1.1d-2.33.1
openssl-1_1-1.1.1d-2.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libopenssl1_1-1.1.1d-2.33.1
libopenssl1_1-32bit-1.1.1d-2.33.1
openssl-1_1-1.1.1d-2.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libopenssl1_1-1.1.1d-2.33.1
libopenssl1_1-32bit-1.1.1d-2.33.1
openssl-1_1-1.1.1d-2.33.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libopenssl-1_1-devel-1.1.1d-2.33.1
libopenssl-1_1-devel-32bit-1.1.1d-2.33.1
SUSE OpenStack Cloud 9
libopenssl1_1-1.1.1d-2.33.1
libopenssl1_1-32bit-1.1.1d-2.33.1
openssl-1_1-1.1.1d-2.33.1
SUSE OpenStack Cloud Crowbar 9
libopenssl1_1-1.1.1d-2.33.1
libopenssl1_1-32bit-1.1.1d-2.33.1
openssl-1_1-1.1.1d-2.33.1

Ссылки

Описание

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-Basic-On-Demand:libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-HPC-BYOS:libopenssl1_1-1.1.1d-2.33.1
Image SLES12-SP5-Azure-HPC-On-Demand:libopenssl1_1-1.1.1d-2.33.1
Ссылки
Уязвимость SUSE-SU-2021:0954-1