Описание
Security update for libressl
libressl was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-5333: Memory leak when decoding X.509 certificates (boo#950707)
- CVE-2015-5334: Buffer overflow when decoding X.509 certificates (boo#950708)
Список пакетов
openSUSE Leap 42.1
libcrypto36-2.3.0-3.1
libcrypto36-32bit-2.3.0-3.1
libressl-2.3.0-3.1
libressl-devel-2.3.0-3.1
libressl-devel-32bit-2.3.0-3.1
libressl-devel-doc-2.3.0-3.1
libssl37-2.3.0-3.1
libssl37-32bit-2.3.0-3.1
libtls9-2.3.0-3.1
libtls9-32bit-2.3.0-3.1
Ссылки
- E-Mail link for openSUSE-SU-2015:1830-2
- SUSE Security Ratings
Описание
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
Затронутые продукты
openSUSE Leap 42.1:libcrypto36-2.3.0-3.1
openSUSE Leap 42.1:libcrypto36-32bit-2.3.0-3.1
openSUSE Leap 42.1:libressl-2.3.0-3.1
openSUSE Leap 42.1:libressl-devel-2.3.0-3.1
Ссылки
- CVE-2015-5333
- SUSE Bug 950707
- SUSE Bug 950708
Описание
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
Затронутые продукты
openSUSE Leap 42.1:libcrypto36-2.3.0-3.1
openSUSE Leap 42.1:libcrypto36-32bit-2.3.0-3.1
openSUSE Leap 42.1:libressl-2.3.0-3.1
openSUSE Leap 42.1:libressl-devel-2.3.0-3.1
Ссылки
- CVE-2015-5334
- SUSE Bug 950707
- SUSE Bug 950708