openSUSE-SU-2014:0353-1: backport of SSLCompression directive, SSLCipherSuite update in template
   openSUSE Security Update: backport of SSLCompression directive, SSLCipherSuite update in template
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0353-1
Rating:             low
References:
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This low-profile update introduces a backport of the SSLCompression
   directive (added to /etc/apache2/ssl-global.conf) that helps mitigate
   the CRIME attack if set to off (default).

   Also added to /etc/apache2/ssl-global.conf: "SSLHonorCipherOrder on".

   /etc/apache2/vhosts.d/vhost-ssl.template now contains a new
   SSLCipherSuite string. Even though GCM mode of AES is not supported in
   openssl-1.0.0l, the string works well and may be useful elsewhere, too.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch 2014-28

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.4 (i586 x86_64):

      apache2-2.2.17-76.2
      apache2-debuginfo-2.2.17-76.2
      apache2-debugsource-2.2.17-76.2
      apache2-devel-2.2.17-76.2
      apache2-event-2.2.17-76.2
      apache2-event-debuginfo-2.2.17-76.2
      apache2-example-certificates-2.2.17-76.2
      apache2-example-pages-2.2.17-76.2
      apache2-itk-2.2.17-76.2
      apache2-itk-debuginfo-2.2.17-76.2
      apache2-prefork-2.2.17-76.2
      apache2-prefork-debuginfo-2.2.17-76.2
      apache2-utils-2.2.17-76.2
      apache2-utils-debuginfo-2.2.17-76.2
      apache2-worker-2.2.17-76.2
      apache2-worker-debuginfo-2.2.17-76.2

   - openSUSE 11.4 (noarch):

      apache2-doc-2.2.17-76.2

References:
opensuse-security@opensuse.org
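
A check for the two directives the advisory adds to /etc/apache2/ssl-global.conf, catching a later file that turns compression back on. This is an added example, not part of the advisory or the openSUSE package; the vhost file name and the sample config text are constructed.

```python
# Added example: audit Apache config text for the two directives this update ships.
EXPECTED = {"SSLCompression": "off", "SSLHonorCipherOrder": "on"}

def audit_ssl_directives(files):
    """files maps a path to its config text; returns a list of finding strings."""
    canonical = {name.lower(): name for name in EXPECTED}
    seen = {name: [] for name in EXPECTED}
    for path, text in files.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            parts = raw.strip().split(None, 1)
            # Skip blank lines, comment lines and directives without an argument.
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            name = canonical.get(parts[0].lower())  # directive names are case-insensitive
            if name:
                seen[name].append((path, lineno, parts[1].strip().strip('"').lower()))
    findings = []
    for name, want in EXPECTED.items():
        for path, lineno, value in seen[name]:
            if value != want:
                findings.append(f"{path}:{lineno}: {name} {value} (update ships {want})")
    # Apache's default for SSLHonorCipherOrder is off, so it has to be set explicitly.
    if not seen["SSLHonorCipherOrder"]:
        findings.append("SSLHonorCipherOrder is not set in any scanned file")
    return findings

# Constructed sample input; the vhost file name and contents are made up.
SAMPLE = {
    "/etc/apache2/ssl-global.conf":
        "# global SSL settings\nSSLCompression Off\nSSLHonorCipherOrder on\n",
    "/etc/apache2/vhosts.d/example-ssl.conf":
        "<VirtualHost _default_:443>\n  SSLEngine on\n  sslcompression on\n</VirtualHost>\n",
}

if __name__ == "__main__":
    for finding in audit_ssl_directives(SAMPLE):
        print(finding)
```

To run it against a live system, build the mapping from the contents of /etc/apache2/ssl-global.conf and the files under /etc/apache2/vhosts.d/ instead of SAMPLE.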