[security-announce] SUSE-SU-2012:0674-1: important: Security update for openssl

30 May 2012

         SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0674-1
Rating:             important
References:         #739719 #742821 #748738 #749210 #749213 #749735 
                    #751946 #758060 #761838 
Cross-References:   CVE-2006-7250 CVE-2011-4108 CVE-2011-4109
                    CVE-2011-4576 CVE-2011-4619 CVE-2012-0050
                    CVE-2012-1165 CVE-2012-2110 CVE-2012-2131
                    CVE-2012-2333
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update of openssl fixes the following security issues:

   * Denial of Service or crash via CBC mode handling.
   (CVE-2012-2333
    )
   * Incorrect integer conversions that could result in
   memory corruption. (CVE-2012-2110
    ,  CVE-2012-2131
    )
   * Potential memory leak in multithreaded key creation.
   * Symmetric crypto errors in PKCS7_decrypt.
   * Free headers after use in error message.
   * S/MIME verification may erroneously fail.
   * Tolerating bad MIME headers in ANS.1 parser.
   (CVE-2012-1165
    ,  CVE-2006-7250
    )
   * DTLS DoS Attack. (CVE-2012-0050
    )
   * DTLS Plaintext Recovery Attack. (CVE-2011-4108
    )
   * Double-free in Policy Checks. (CVE-2011-4109
    )
   * Uninitialized SSL 3.0 Padding. (CVE-2011-4576
    )
   * SGC Restart DoS Attack. (CVE-2011-4619
    )

Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      openssl-0.9.8a-18.45.63.1
      openssl-devel-0.9.8a-18.45.63.1
      openssl-doc-0.9.8a-18.45.63.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

      openssl-32bit-0.9.8a-18.45.63.1
      openssl-devel-32bit-0.9.8a-18.45.63.1

References:

   http://support.novell.com/security/cve/CVE-2006-7250.html
   http://support.novell.com/security/cve/CVE-2011-4108.html
   http://support.novell.com/security/cve/CVE-2011-4109.html
   http://support.novell.com/security/cve/CVE-2011-4576.html
   http://support.novell.com/security/cve/CVE-2011-4619.html
   http://support.novell.com/security/cve/CVE-2012-0050.html
   http://support.novell.com/security/cve/CVE-2012-1165.html
   http://support.novell.com/security/cve/CVE-2012-2110.html
   http://support.novell.com/security/cve/CVE-2012-2131.html
   http://support.novell.com/security/cve/CVE-2012-2333.html
   https://bugzilla.novell.com/739719
   https://bugzilla.novell.com/742821
   https://bugzilla.novell.com/748738
   https://bugzilla.novell.com/749210
   https://bugzilla.novell.com/749213
   https://bugzilla.novell.com/749735
   https://bugzilla.novell.com/751946
   https://bugzilla.novell.com/758060
   https://bugzilla.novell.com/761838
   http://download.novell.com/patch/finder/?keywords=615504b4f83955616ed79d66c69aaaae

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[security-announce] SUSE-SU-2012:0674-1: important: Security update for openssl

opensuse-security＠opensuse.org