SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0674-1 Rating: important References: #739719 #742821 #748738 #749210 #749213 #749735 #751946 #758060 #761838 Cross-References: CVE-2006-7250 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0050 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update of openssl fixes the following security issues: * Denial of Service or crash via CBC mode handling. (CVE-2012-2333 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
- Incorrect integer conversions that could result in memory corruption. (CVE-2012-2110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
- Potential memory leak in multithreaded key creation.
- Symmetric crypto errors in PKCS7_decrypt.
- Free headers after use in error message.
- S/MIME verification may erroneously fail.
- Tolerating bad MIME headers in ANS.1 parser. (CVE-2012-1165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165
- DTLS DoS Attack. (CVE-2012-0050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
- DTLS Plaintext Recovery Attack. (CVE-2011-4108 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
- Double-free in Policy Checks. (CVE-2011-4109 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
- Uninitialized SSL 3.0 Padding. (CVE-2011-4576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
- SGC Restart DoS Attack. (CVE-2011-4619 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
)
)
)
)
)
, CVE-2006-7250 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250 )
, CVE-2012-2131 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131 )
)
Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): openssl-0.9.8a-18.45.63.1 openssl-devel-0.9.8a-18.45.63.1 openssl-doc-0.9.8a-18.45.63.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): openssl-32bit-0.9.8a-18.45.63.1 openssl-devel-32bit-0.9.8a-18.45.63.1 References: http://support.novell.com/security/cve/CVE-2006-7250.html http://support.novell.com/security/cve/CVE-2011-4108.html http://support.novell.com/security/cve/CVE-2011-4109.html http://support.novell.com/security/cve/CVE-2011-4576.html http://support.novell.com/security/cve/CVE-2011-4619.html http://support.novell.com/security/cve/CVE-2012-0050.html http://support.novell.com/security/cve/CVE-2012-1165.html http://support.novell.com/security/cve/CVE-2012-2110.html http://support.novell.com/security/cve/CVE-2012-2131.html http://support.novell.com/security/cve/CVE-2012-2333.html https://bugzilla.novell.com/739719 https://bugzilla.novell.com/742821 https://bugzilla.novell.com/748738 https://bugzilla.novell.com/749210 https://bugzilla.novell.com/749213 https://bugzilla.novell.com/749735 https://bugzilla.novell.com/751946 https://bugzilla.novell.com/758060 https://bugzilla.novell.com/761838 http://download.novell.com/patch/finder/?keywords=615504b4f83955616ed79d66c6... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org