SUSE-SU-2012:0674-1: important: Security update for openssl

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed May 30 15:08:16 MDT 2012


   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0674-1
Rating:             important
References:         #739719 #742821 #748738 #749210 #749213 #749735 
                    #751946 #758060 #761838 
Cross-References:   CVE-2006-7250 CVE-2011-4108 CVE-2011-4109
                    CVE-2011-4576 CVE-2011-4619 CVE-2012-0050
                    CVE-2012-1165 CVE-2012-2110 CVE-2012-2131
                    CVE-2012-2333
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:


   This update of openssl fixes the following security issues:

   * Denial of Service or crash via CBC mode handling.
   (CVE-2012-2333
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
   > )
   * Incorrect integer conversions that could result in
   memory corruption. (CVE-2012-2110
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
   > ,  CVE-2012-2131
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
   > )
   * Potential memory leak in multithreaded key creation.
   * Symmetric crypto errors in PKCS7_decrypt.
   * Free headers after use in error message.
   * S/MIME verification may erroneously fail.
   * Tolerating bad MIME headers in ANS.1 parser.
   (CVE-2012-1165
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165
   > ,  CVE-2006-7250
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250
   > )
   * DTLS DoS Attack. (CVE-2012-0050
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
   > )
   * DTLS Plaintext Recovery Attack. (CVE-2011-4108
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
   > )
   * Double-free in Policy Checks. (CVE-2011-4109
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
   > )
   * Uninitialized SSL 3.0 Padding. (CVE-2011-4576
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
   > )
   * SGC Restart DoS Attack. (CVE-2011-4619
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
   > )



Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      openssl-0.9.8a-18.45.63.1
      openssl-devel-0.9.8a-18.45.63.1
      openssl-doc-0.9.8a-18.45.63.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

      openssl-32bit-0.9.8a-18.45.63.1
      openssl-devel-32bit-0.9.8a-18.45.63.1


References:

   http://support.novell.com/security/cve/CVE-2006-7250.html
   http://support.novell.com/security/cve/CVE-2011-4108.html
   http://support.novell.com/security/cve/CVE-2011-4109.html
   http://support.novell.com/security/cve/CVE-2011-4576.html
   http://support.novell.com/security/cve/CVE-2011-4619.html
   http://support.novell.com/security/cve/CVE-2012-0050.html
   http://support.novell.com/security/cve/CVE-2012-1165.html
   http://support.novell.com/security/cve/CVE-2012-2110.html
   http://support.novell.com/security/cve/CVE-2012-2131.html
   http://support.novell.com/security/cve/CVE-2012-2333.html
   https://bugzilla.novell.com/739719
   https://bugzilla.novell.com/742821
   https://bugzilla.novell.com/748738
   https://bugzilla.novell.com/749210
   https://bugzilla.novell.com/749213
   https://bugzilla.novell.com/749735
   https://bugzilla.novell.com/751946
   https://bugzilla.novell.com/758060
   https://bugzilla.novell.com/761838
   http://download.novell.com/patch/finder/?keywords=615504b4f83955616ed79d66c69aaaae



More information about the sle-updates mailing list