SUSE-RU-2014:0684-1: important: Recommended update for OpenSSL

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue May 20 16:04:12 MDT 2014 

   SUSE Recommended Update: Recommended update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0684-1
Rating:             important
References:         #875638 
Affected Products:
                    SLE CLIENT TOOLS 10 for x86_64
                    SLE CLIENT TOOLS 10 for s390x
                    SLE CLIENT TOOLS 10
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   The latest openssl and openssl-certs packages released for SLES 10-SP4
   LTSS have been pushed to SUSE Manager's Client Tools 10 update repository
   to ease bootstraping of SLES 10-SP4.

   These updates include the following fixes and enhancements:

       * The TLS/SSL library OpenSSL was updated to provide support for SSL
         X.509 certificate hashes sha256, sha384 and sha512, which become
         more common. The Novell Update servers that host updates for SUSE
         Linux Enterprise will switch to these certificates in the near
         future.
       * OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the
         FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been
         recovered. (CVE-2014-0076)
       * The openssl-certs package has been updated to match the certificates
         contained in the Mozilla NSS 3.15.4 release.

   Security Issue reference:

       * CVE-2014-0076
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076>



Package List:

   - SLE CLIENT TOOLS 10 for x86_64 (x86_64):

      openssl-0.9.8a-18.80.5
      openssl-32bit-0.9.8a-18.80.5
      openssl-devel-0.9.8a-18.80.5
      openssl-devel-32bit-0.9.8a-18.80.5
      openssl-doc-0.9.8a-18.80.5

   - SLE CLIENT TOOLS 10 for x86_64 (noarch):

      openssl-certs-1.96-0.18.1

   - SLE CLIENT TOOLS 10 for s390x (noarch):

      openssl-certs-1.96-0.18.1

   - SLE CLIENT TOOLS 10 for s390x (s390x):

      openssl-0.9.8a-18.80.5
      openssl-32bit-0.9.8a-18.80.5
      openssl-devel-0.9.8a-18.80.5
      openssl-devel-32bit-0.9.8a-18.80.5
      openssl-doc-0.9.8a-18.80.5

   - SLE CLIENT TOOLS 10 (noarch):

      openssl-certs-1.96-0.18.1

   - SLE CLIENT TOOLS 10 (i586):

      openssl-0.9.8a-18.80.5
      openssl-devel-0.9.8a-18.80.5
      openssl-doc-0.9.8a-18.80.5


References:

   http://support.novell.com/security/cve/CVE-2014-0076.html
   https://bugzilla.novell.com/875638
   http://download.suse.com/patch/finder/?keywords=8e5c4e370d2b0280ab45760772f87e68

More information about the sle-updates mailing list