SUSE-SU-2014:1557-2: moderate: Security update for compat-openssl097g
sle-security-updates at lists.suse.com
Thu Dec 4 16:04:43 MST 2014
SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:1557-2
Rating: moderate
References: #802184 #880891 #890764 #901223 #901277 #905106
Cross-References: CVE-2013-0166 CVE-2013-0169 CVE-2014-0224 CVE-2014-3470 CVE-2014-3508 CVE-2014-3566 CVE-2014-3568
Affected Products:
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
The SLES 9 compatibility package compat-openssl097g received a roll-up
update fixing various security issues:
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV (CVE-2014-3566)
* Information leak in pretty printing functions (CVE-2014-3508)
* OCSP bad key DoS attack (CVE-2013-0166)
* SSL/TLS CBC plaintext recovery attack (CVE-2013-0169)
* Anonymous ECDH denial of service (CVE-2014-3470)
* SSL/TLS MITM vulnerability (CVE-2014-0224)
Security Issues:
* CVE-2013-0166
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>
* CVE-2013-0169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169>
* CVE-2014-0224
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>
* CVE-2014-3470
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>
* CVE-2014-3508
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>
* CVE-2014-3566
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-compat-openssl097g-10033
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
compat-openssl097g-0.9.7g-146.22.25.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
compat-openssl097g-32bit-0.9.7g-146.22.25.1
References:
http://support.novell.com/security/cve/CVE-2013-0166.html
http://support.novell.com/security/cve/CVE-2013-0169.html
http://support.novell.com/security/cve/CVE-2014-0224.html
http://support.novell.com/security/cve/CVE-2014-3470.html
http://support.novell.com/security/cve/CVE-2014-3508.html
http://support.novell.com/security/cve/CVE-2014-3566.html
http://support.novell.com/security/cve/CVE-2014-3568.html
https://bugzilla.suse.com/show_bug.cgi?id=802184
https://bugzilla.suse.com/show_bug.cgi?id=880891
https://bugzilla.suse.com/show_bug.cgi?id=890764
https://bugzilla.suse.com/show_bug.cgi?id=901223
https://bugzilla.suse.com/show_bug.cgi?id=901277
https://bugzilla.suse.com/show_bug.cgi?id=905106
http://download.suse.com/patch/finder/?keywords=a12966f5561ba5e3afba4dc35a37d352