SUSE-RU-2017:2059-1: moderate: Recommended update for openssl
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Mon Aug 7 07:07:27 MDT 2017
SUSE Recommended Update: Recommended update for openssl
______________________________________________________________________________
Announcement ID: SUSE-RU-2017:2059-1
Rating: moderate
References: #1019637 #1027079 #1027688 #1027908 #1028281
#1028723 #1029523 #1042392 #1044095 #1044107
#1044175 #902364
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that has 12 recommended fixes can now be
installed.
Description:
This update for openssl fixes the following issues including fixes for our
ongoing FIPS 140-2 evaluation:
- Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32
problem (bsc#1027908)
- Use getrandom syscall instead of reading from /dev/urandom to get at
least 128 bits of entropy to comply with FIPS 140.2 IG 7.14 (bsc#1027079
bsc#1044175)
- Fix x86 extended feature detection (bsc#1029523)
- Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap"
environmental variable (bsc#1028723)
- s_client sent empty client certificate (bsc#1028281) Add back
certificate initialization set_cert_key_stuff() which was removed in a
previous update.
- Fix a bug in XTS key handling (bsc#1019637)
- Don't run FIPS power-up self-tests when the checksum files aren't
installed (bsc#1042392)
Patch Instructions:
To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1268=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1268=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1268=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1268=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1268=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1268=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1268=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1268=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
libopenssl-devel-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
libopenssl-devel-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
libopenssl-devel-1.0.2j-60.11.2
libopenssl1_0_0-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
libopenssl1_0_0-hmac-1.0.2j-60.11.2
openssl-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
openssl-doc-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
libopenssl-devel-1.0.2j-60.11.2
libopenssl1_0_0-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
libopenssl1_0_0-hmac-1.0.2j-60.11.2
openssl-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
libopenssl1_0_0-32bit-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP3 (noarch):
openssl-doc-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
libopenssl-devel-1.0.2j-60.11.2
libopenssl1_0_0-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
libopenssl1_0_0-hmac-1.0.2j-60.11.2
openssl-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
libopenssl1_0_0-32bit-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP2 (noarch):
openssl-doc-1.0.2j-60.11.2
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
libopenssl-devel-1.0.2j-60.11.2
libopenssl1_0_0-1.0.2j-60.11.2
libopenssl1_0_0-32bit-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
openssl-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
libopenssl-devel-1.0.2j-60.11.2
libopenssl1_0_0-1.0.2j-60.11.2
libopenssl1_0_0-32bit-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
openssl-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
libopenssl1_0_0-1.0.2j-60.11.2
libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
openssl-1.0.2j-60.11.2
openssl-debuginfo-1.0.2j-60.11.2
openssl-debugsource-1.0.2j-60.11.2
References:
https://bugzilla.suse.com/1019637
https://bugzilla.suse.com/1027079
https://bugzilla.suse.com/1027688
https://bugzilla.suse.com/1027908
https://bugzilla.suse.com/1028281
https://bugzilla.suse.com/1028723
https://bugzilla.suse.com/1029523
https://bugzilla.suse.com/1042392
https://bugzilla.suse.com/1044095
https://bugzilla.suse.com/1044107
https://bugzilla.suse.com/1044175
https://bugzilla.suse.com/902364
More information about the sle-updates
mailing list