openSUSE Security November 2014

security@lists.opensuse.org

12 participants
11 discussions

[opensuse-security] AW: [security-announce] SUSE-SU-2014:1357-1: important: Security update for openssl1
by hans.paffrath＠stadt-koeln.de 05 Nov '14

05 Nov '14

Hello, I've got a view questions about this patch: First: Until now we have an openssl rpm installed with SLES11SP3. This seemed to be a patch for openssl1. Is it just because we are now on openssl.1...... or is openssl1 a alternative package? Second: In the list of fixed updates we find the poodle leak .... For this you announced a workaround: https://www.suse.com/support/kb/doc.php?id=7015773 After installing the patch: do we need the workarounds - specially for postfix and apache2 any longer? Thanks for the information. Mit freundlichem Gruß Hans Paffrath Stadt Köln - Der Oberbürgermeister Amt für Informationsverarbeitung Willy-Brandt-Platz 3 50679 Köln Telefon: 0221/221-26085 Telefax: 0221/221-22845 E-Mail: hans.paffrath(a)stadt-koeln.de Internet: www.stadt-koeln.de -----Ursprüngliche Nachricht----- Von: opensuse-security(a)opensuse.org [mailto:opensuse-security@opensuse.org] Gesendet: Dienstag, 4. November 2014 23:05 An: opensuse-security-announce(a)opensuse.org Betreff: [security-announce] SUSE-SU-2014:1357-1: important: Security update for openssl1 SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1357-1 Rating: important References: #901223 #901277 Cross-References: CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 Affected Products: SUSE Linux Enterprise Security Module 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This OpenSSL update fixes the following issues: * SRTP Memory Leak (CVE-2014-3513) * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513> * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568> Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-libopenssl1-devel-9904 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.22.1 libopenssl1_0_0-1.0.1g-0.22.1 openssl1-1.0.1g-0.22.1 openssl1-doc-1.0.1g-0.22.1 - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.22.1 - SUSE Linux Enterprise Security Module 11 SP3 (ia64): libopenssl1_0_0-x86-1.0.1g-0.22.1 References: http://support.novell.com/security/cve/CVE-2014-3513.html http://support.novell.com/security/cve/CVE-2014-3566.html http://support.novell.com/security/cve/CVE-2014-3567.html http://support.novell.com/security/cve/CVE-2014-3568.html https://bugzilla.suse.com/show_bug.cgi?id=901223 https://bugzilla.suse.com/show_bug.cgi?id=901277 http://download.suse.com/patch/finder/?keywords=b73f6fe02c4bdbb47052a845f36… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 1

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security November 2014