SUSE-SU-2014:1557-2: moderate: Security update for compat-openssl097g

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Dec 4 16:04:43 MST 2014


   SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1557-2
Rating:             moderate
References:         #802184 #880891 #890764 #901223 #901277 #905106 
                    
Cross-References:   CVE-2013-0166 CVE-2013-0169 CVE-2014-0224
                    CVE-2014-3470 CVE-2014-3508 CVE-2014-3566
                    CVE-2014-3568
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:


   The SLES 9 compatibility package compat-openssl097g received a roll up
   update fixing various security issues:

       * Build option no-ssl3 is incomplete (CVE-2014-3568)
       * Add support for TLS_FALLBACK_SCSV (CVE-2014-3566)
       * Information leak in pretty printing functions (CVE-2014-3508)
       * OCSP bad key DoS attack (CVE-2013-0166)
       * SSL/TLS CBC plaintext recovery attack (CVE-2013-0169)
       * Anonymous ECDH denial of service (CVE-2014-3470)
       * SSL/TLS MITM vulnerability (CVE-2014-0224)

   Security Issues:

       * CVE-2013-0166
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>
       * CVE-2013-0169
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169>
       * CVE-2014-0224
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>
       * CVE-2014-3470
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>
       * CVE-2014-3508
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>
       * CVE-2014-3566
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
       * CVE-2014-3568
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-compat-openssl097g-10033

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      compat-openssl097g-0.9.7g-146.22.25.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      compat-openssl097g-32bit-0.9.7g-146.22.25.1


References:

   http://support.novell.com/security/cve/CVE-2013-0166.html
   http://support.novell.com/security/cve/CVE-2013-0169.html
   http://support.novell.com/security/cve/CVE-2014-0224.html
   http://support.novell.com/security/cve/CVE-2014-3470.html
   http://support.novell.com/security/cve/CVE-2014-3508.html
   http://support.novell.com/security/cve/CVE-2014-3566.html
   http://support.novell.com/security/cve/CVE-2014-3568.html
   https://bugzilla.suse.com/show_bug.cgi?id=802184
   https://bugzilla.suse.com/show_bug.cgi?id=880891
   https://bugzilla.suse.com/show_bug.cgi?id=890764
   https://bugzilla.suse.com/show_bug.cgi?id=901223
   https://bugzilla.suse.com/show_bug.cgi?id=901277
   https://bugzilla.suse.com/show_bug.cgi?id=905106
   http://download.suse.com/patch/finder/?keywords=a12966f5561ba5e3afba4dc35a37d352



More information about the sle-security-updates mailing list