sehr gut! Thomas On 07/09/2015 04:07 PM, Andreas Stieger wrote:

Dear openSUSE users,

The OpenSSL Project recently pre-announced [1], and how has released [2] an advisory for a security issue with a severity rated "high". This was picked up in various news articles [3] [4]. A detail which was not known to the general public at the time when these were written was that the issue affects 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o specifically. The fixed releases are 1.0.1p and 1.0.2d, and CVE-2015-1793 was assigned to the issue.

The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected. The openSUSE Tumbleweed distribution never received a vulnerable version and was never affected. The next submission into Factory will skip any vulnerable versions.

We have updated the Bugzilla entry [5] and CVE page [6] to that effect.

[1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html [2] https://www.openssl.org/news/secadv_20150709.txt [3] http://www.heise.de/security/meldung/Kritischer-OpenSSL-Patch-voraus-2739804... [4] http://www.securityweek.com/openssl-preparing-updates-patch-high-severity-vu... [5] https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2015-1793 [6] https://www.suse.com/security/cve/CVE-2015-1793.html

On behalf of the SUSE Security team, Andreas Stieger

-- Thomas Biege <thomas@suse.de>, Team Leader MaintenanceSecurity, CSSLP SUSE Linux GmbH, GF: Felix Imendoerffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach