Dear openSUSE users, The OpenSSL Project recently pre-announced [1], and how has released [2] an advisory for a security issue with a severity rated "high". This was picked up in various news articles [3] [4]. A detail which was not known to the general public at the time when these were written was that the issue affects 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o specifically. The fixed releases are 1.0.1p and 1.0.2d, and CVE-2015-1793 was assigned to the issue. The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected. The openSUSE Tumbleweed distribution never received a vulnerable version and was never affected. The next submission into Factory will skip any vulnerable versions. We have updated the Bugzilla entry [5] and CVE page [6] to that effect. [1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html [2] https://www.openssl.org/news/secadv_20150709.txt [3] http://www.heise.de/security/meldung/Kritischer-OpenSSL-Patch-voraus-2739804... [4] http://www.securityweek.com/openssl-preparing-updates-patch-high-severity-vu... [5] https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2015-1793 [6] https://www.suse.com/security/cve/CVE-2015-1793.html On behalf of the SUSE Security team, Andreas Stieger -- Andreas Stieger <astieger@suse.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)