exploitDog

openSUSE-SU-2015:2318-1

Published: 18 Dec 2015
Source: suse-cvrf

Description

Security update for libressl

LibreSSL was updated to fix two security issues inherited from OpenSSL.

The following vulnerabilities were fixed:

  • CVE-2015-3194: NULL pointer dereference in client side certificate validation
  • CVE-2015-3195: Memory leak in PKCS7 - not reachable from TLS/SSL

Package list

openSUSE Leap 42.1
libcrypto36-2.3.0-7.1
libcrypto36-32bit-2.3.0-7.1
libressl-2.3.0-7.1
libressl-devel-2.3.0-7.1
libressl-devel-32bit-2.3.0-7.1
libressl-devel-doc-2.3.0-7.1
libssl37-2.3.0-7.1
libssl37-32bit-2.3.0-7.1
libtls9-2.3.0-7.1
libtls9-32bit-2.3.0-7.1

Description

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.


Affected products
openSUSE Leap 42.1:libcrypto36-2.3.0-7.1
openSUSE Leap 42.1:libcrypto36-32bit-2.3.0-7.1
openSUSE Leap 42.1:libressl-2.3.0-7.1
openSUSE Leap 42.1:libressl-devel-2.3.0-7.1

References

Description

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.


Affected products
openSUSE Leap 42.1:libcrypto36-2.3.0-7.1
openSUSE Leap 42.1:libcrypto36-32bit-2.3.0-7.1
openSUSE Leap 42.1:libressl-2.3.0-7.1
openSUSE Leap 42.1:libressl-devel-2.3.0-7.1

References
Vulnerability openSUSE-SU-2015:2318-1