   openSUSE Optional Update: openssl update (including postfix rebuild)
______________________________________________________________________________

Announcement ID:    openSUSE-OU-2015:2071-1
Rating:             important
References:
Affected Products:
                    openSUSE Evergreen 11.4
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   Update to 1.0.1p:

   - CVE-2015-1793: fix for CA flag certificate chain validation logic
     error, also known as "OprahSSL".
   * CVE-2015-4000 aka Logjam: TLS MITM DH keylength downgrade
   * CVE-2015-1788 Malformed ECParameters causes infinite loop
   * CVE-2015-1789 OOB read in X509_cmp_time via ASN1_TIME string
   * CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
   * CVE-2015-1792 CMS verify infinite loop with unknown hash function
   * CVE-2015-1791 Race condition handling NewSessionTicket (low profile
     vuln.)
   - re-diff'd:
       openssl-ocloexec.patch
       VIA_padlock_support_on_64systems.patch
       compression_methods_switch.patch
       0005-libssl-Hide-library-private-symbols.patch
   - openssl-1.0.1c-default-paths.patch replaced by re-diff'd
     openssl-1.0.1n-default-paths.patch
   - obsoleted:
       openssl-CVE-2015-0209.patch
     (NULL pointer checks were upstreamed differently in upstream versions
     after Feb 2015)
   - obsoleted by identical upstream fixes:
       openssl-CVE-2015-0286.patch
       openssl-CVE-2015-0287.patch
       openssl-CVE-2015-0288.patch
       openssl-CVE-2015-0289.patch
       openssl-CVE-2015-0293.patch


Patch Instructions:

   To install this openSUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Evergreen 11.4:

      zypper in -t patch 2015-791=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Evergreen 11.4 (i586 x86_64):

      libopenssl-devel-1.0.1p-68.2
      libopenssl1_0_0-1.0.1p-68.2
      libopenssl1_0_0-debuginfo-1.0.1p-68.2
      openssl-1.0.1p-68.2
      openssl-debuginfo-1.0.1p-68.2
      openssl-debugsource-1.0.1p-68.2
      postfix-2.7.2-13.38.1
      postfix-debuginfo-2.7.2-13.38.1
      postfix-debugsource-2.7.2-13.38.1
      postfix-devel-2.7.2-13.38.1
      postfix-mysql-2.7.2-13.38.1
      postfix-mysql-debuginfo-2.7.2-13.38.1
      postfix-postgresql-2.7.2-13.38.1
      postfix-postgresql-debuginfo-2.7.2-13.38.1

   - openSUSE Evergreen 11.4 (x86_64):

      libopenssl-devel-32bit-1.0.1p-68.2
      libopenssl1_0_0-32bit-1.0.1p-68.2
      libopenssl1_0_0-debuginfo-32bit-1.0.1p-68.2

   - openSUSE Evergreen 11.4 (noarch):

      openssl-doc-1.0.1p-68.2
      postfix-doc-2.7.2-13.38.1

   - openSUSE Evergreen 11.4 (ia64):

      libopenssl1_0_0-debuginfo-x86-1.0.1p-68.2
      libopenssl1_0_0-x86-1.0.1p-68.2


References:

   https://www.suse.com/security/cve/CVE-2015-0209.html
   https://www.suse.com/security/cve/CVE-2015-0286.html
   https://www.suse.com/security/cve/CVE-2015-0287.html
   https://www.suse.com/security/cve/CVE-2015-0288.html
   https://www.suse.com/security/cve/CVE-2015-0289.html
   https://www.suse.com/security/cve/CVE-2015-0293.html
   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-1793.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
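
Added example (not part of the original announcement): a shell check that reads installed package versions and flags any package named in this advisory that is still below the fixed version from the package list. The function names and the sample input are constructed for illustration, and GNU "sort -V" is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed version-release strings, copied from the advisory's package list.
FIXED_OPENSSL="1.0.1p-68.2"
FIXED_POSTFIX="2.7.2-13.38.1"

# fixed_for NAME: print the fixed version-release for a package named in
# the advisory, or nothing for any other package.
fixed_for() {
    case "$1" in
        openssl|openssl-debuginfo|openssl-debugsource|openssl-doc) echo "$FIXED_OPENSSL" ;;
        libopenssl-devel*|libopenssl1_0_0*)                        echo "$FIXED_OPENSSL" ;;
        postfix|postfix-d*|postfix-mysql*|postfix-postgresql*)     echo "$FIXED_POSTFIX" ;;
    esac
}

# is_older A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering approximates RPM version comparison.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_packages: read "NAME VERSION-RELEASE" lines on stdin, print every
# advisory package still below its fixed version, return 1 if any is found.
check_packages() {
    status=0
    while read -r name ver; do
        want=$(fixed_for "$name")
        [ -n "$want" ] || continue
        if is_older "$ver" "$want"; then
            echo "OUTDATED $name $ver (fixed in $want)"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE='openssl 1.0.1p-68.2
libopenssl1_0_0 1.0.0c-18.1
postfix 2.7.2-13.36.1
bash 4.1-20.25.1'

# On a live system, pipe the rpm query above into check_packages instead.
printf '%s\n' "$SAMPLE" | check_packages || true
```

A non-zero return from check_packages means at least one listed package has not yet received this update.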