Описание
Security update for compat-openssl098
This update for compat-openssl098 fixes the following issues:
Security issue fixed:
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812)
Non security issue fixed:
- Prevent segfault in s_client with invalid options (bsc#952099)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
compat-openssl098-0.9.8j-6.1
libopenssl0_9_8-0.9.8j-6.1
libopenssl0_9_8-32bit-0.9.8j-6.1
Ссылки
- E-Mail link for openSUSE-SU-2015:2349-1
- SUSE Security Ratings
Описание
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Затронутые продукты
openSUSE Leap 42.1:compat-openssl098-0.9.8j-6.1
openSUSE Leap 42.1:libopenssl0_9_8-0.9.8j-6.1
openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8j-6.1
Ссылки
- CVE-2015-3195
- SUSE Bug 923755
- SUSE Bug 957812
- SUSE Bug 957815
- SUSE Bug 958768
- SUSE Bug 963977
- SUSE Bug 986238