SUSE-SU-2015:0166-1: moderate: Security update for OpenSSL

sle-security-updates at sle-security-updates at
Wed Jan 28 17:06:08 MST 2015

   SUSE Security Update: Security update for OpenSSL

Announcement ID:    SUSE-SU-2015:0166-1
Rating:             moderate
References:         #912014 #912015 #912018 #912292 #912293 #912294 
Cross-References:   CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
                    CVE-2014-8275 CVE-2015-0204 CVE-2015-0205
Affected Products:
                    SLE CLIENT TOOLS 10 for x86_64
                    SLE CLIENT TOOLS 10 for s390x
                    SLE CLIENT TOOLS 10

   An update that solves 6 vulnerabilities and has one erratum
   is now available.


   OpenSSL has been updated to fix various security issues. More information
   can be found in the OpenSSL advisory at
   <> .

   The following issues have been fixed:

       * CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect
         results on some platforms, including x86_64. (bsc#912296)
       * CVE-2014-3571: Fixed a crash in dtls1_get_record while in the listen
         state, where two separate reads are performed: one for the
         header and one for the body of the handshake record. (bsc#912294)
       * CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH
         ciphersuite with the server key exchange message omitted.
       * CVE-2014-8275: Fixed various certificate fingerprint issues.
       * CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites.
       * CVE-2015-0205: A fix was added to prevent the use of DH client
         certificates without sending a certificate verify message.
         (bsc#912293) Although the OpenSSL library from SLES 10 is not
         affected by this problem, a fix has been applied to the sources.
       * CVE-2015-0206: A memory leak was fixed in dtls1_buffer_record.

   Security Issues:

       * CVE-2014-8275
       * CVE-2014-3571
       * CVE-2015-0204
       * CVE-2014-3572
       * CVE-2014-3570
       * CVE-2015-0205

Package List:

   - SLE CLIENT TOOLS 10 for x86_64 (x86_64):


   - SLE CLIENT TOOLS 10 for s390x (s390x):


   - SLE CLIENT TOOLS 10 (i586):


