SUSE-SU-2015:0172-2: moderate: Security update for OpenSSL

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri Jan 30 19:05:47 MST 2015


   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0172-2
Rating:             moderate
References:         #912014 #912015 #912018 #912293 #912294 #912296 
                    
Cross-References:   CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
                    CVE-2014-8275 CVE-2015-0204 CVE-2015-0205
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available. It
   includes one version update.

Description:


   OpenSSL has been updated to fix various security issues.

   More information can be found in the OpenSSL advisory:
   http://openssl.org/news/secadv_20150108.txt
   <http://openssl.org/news/secadv_20150108.txt> .

   The following issues have been fixed:

       *

         CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results
         on some platforms, including x86_64. (bsc#912296)

       *

         CVE-2014-3571: Fix crash in dtls1_get_record whilst in the listen
   state where you get two separate reads performed - one for the header and
   one for the body of the handshake record. (bsc#912294)

       *

         CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH
   ciphersuites with the server key exchange message omitted. (bsc#912015)

       *

         CVE-2014-8275: Fix various certificate fingerprint issues.
   (bsc#912018)

       *

         CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites.
   (bsc#912014)

       *

         CVE-2015-0205: OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as
   it doesn't support DH certificates and this typo prohibits skipping
         of certificate verify message for sign only certificates anyway.
   (bsc#912293)

   Security Issues:

       * CVE-2014-8275
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275>
       * CVE-2014-3571
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571>
       * CVE-2015-0204
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>
       * CVE-2014-3572
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572>
       * CVE-2014-3570
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570>
       * CVE-2015-0205
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libopenssl-devel-10150

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libopenssl-devel-10150

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libopenssl-devel-10150

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-libopenssl-devel-10153

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-libopenssl-devel-10152

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libopenssl-devel-10150

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libopenssl-devel-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      libopenssl0_9_8-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-0.9.8j-0.68.1
      openssl-0.9.8j-0.68.1
      openssl-doc-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libopenssl0_9_8-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-0.9.8j-0.68.1
      openssl-0.9.8j-0.68.1
      openssl-doc-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libopenssl0_9_8-x86-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):

      libopenssl-devel-0.9.8j-0.68.1
      libopenssl0_9_8-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-0.9.8j-0.68.1
      openssl-0.9.8j-0.68.1
      openssl-doc-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl-devel-0.9.8j-0.68.1
      libopenssl0_9_8-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-0.9.8j-0.68.1
      openssl-0.9.8j-0.68.1
      openssl-doc-0.9.8j-0.68.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.68.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      libopenssl0_9_8-0.9.8j-0.68.1
      openssl-0.9.8j-0.68.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.68.1


References:

   http://support.novell.com/security/cve/CVE-2014-3570.html
   http://support.novell.com/security/cve/CVE-2014-3571.html
   http://support.novell.com/security/cve/CVE-2014-3572.html
   http://support.novell.com/security/cve/CVE-2014-8275.html
   http://support.novell.com/security/cve/CVE-2015-0204.html
   http://support.novell.com/security/cve/CVE-2015-0205.html
   https://bugzilla.suse.com/show_bug.cgi?id=912014
   https://bugzilla.suse.com/show_bug.cgi?id=912015
   https://bugzilla.suse.com/show_bug.cgi?id=912018
   https://bugzilla.suse.com/show_bug.cgi?id=912293
   https://bugzilla.suse.com/show_bug.cgi?id=912294
   https://bugzilla.suse.com/show_bug.cgi?id=912296
   http://download.suse.com/patch/finder/?keywords=215a4ad1322885e63313cef2469eebee
   http://download.suse.com/patch/finder/?keywords=2b0cde543cb6d47a7199aabdb1cb1b7c
   http://download.suse.com/patch/finder/?keywords=496681322ababb917876fbafe894c0ba



More information about the sle-updates mailing list