openSUSE Recommended Update: Recommended update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-RU-2017:2118-1 Rating: moderate References: #1019637 #1027079 #1027688 #1027908 #1028281 #1028723 #1029523 #1042392 #1044095 #1044107 #1044175 #902364 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for openssl fixes the following issues including fixes for our ongoing FIPS 140-2 evaluation: - Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32 problem (bsc#1027908) - Use getrandom syscall instead of reading from /dev/urandom to get at least 128 bits of entropy to comply with FIPS 140.2 IG 7.14 (bsc#1027079 bsc#1044175) - Fix x86 extended feature detection (bsc#1029523) - Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap" environmental variable (bsc#1028723) - s_client sent empty client certificate (bsc#1028281) Add back certificate initialization set_cert_key_stuff() which was removed in a previous update. - Fix a bug in XTS key handling (bsc#1019637) - Don't run FIPS power-up self-tests when the checksum files aren't installed (bsc#1042392) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-903=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-903=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libopenssl-devel-1.0.2j-10.1 libopenssl1_0_0-1.0.2j-10.1 libopenssl1_0_0-debuginfo-1.0.2j-10.1 libopenssl1_0_0-hmac-1.0.2j-10.1 openssl-1.0.2j-10.1 openssl-cavs-1.0.2j-10.1 openssl-cavs-debuginfo-1.0.2j-10.1 openssl-debuginfo-1.0.2j-10.1 openssl-debugsource-1.0.2j-10.1 - openSUSE Leap 42.3 (x86_64): libopenssl-devel-32bit-1.0.2j-10.1 libopenssl1_0_0-32bit-1.0.2j-10.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-10.1 libopenssl1_0_0-hmac-32bit-1.0.2j-10.1 - openSUSE Leap 42.3 (noarch): openssl-doc-1.0.2j-10.1 - openSUSE Leap 42.2 (i586 x86_64): libopenssl-devel-1.0.2j-6.3.1 libopenssl1_0_0-1.0.2j-6.3.1 libopenssl1_0_0-debuginfo-1.0.2j-6.3.1 libopenssl1_0_0-hmac-1.0.2j-6.3.1 openssl-1.0.2j-6.3.1 openssl-cavs-1.0.2j-6.3.1 openssl-cavs-debuginfo-1.0.2j-6.3.1 openssl-debuginfo-1.0.2j-6.3.1 openssl-debugsource-1.0.2j-6.3.1 - openSUSE Leap 42.2 (x86_64): libopenssl-devel-32bit-1.0.2j-6.3.1 libopenssl1_0_0-32bit-1.0.2j-6.3.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-6.3.1 libopenssl1_0_0-hmac-32bit-1.0.2j-6.3.1 - openSUSE Leap 42.2 (noarch): openssl-doc-1.0.2j-6.3.1 References: https://bugzilla.suse.com/1019637 https://bugzilla.suse.com/1027079 https://bugzilla.suse.com/1027688 https://bugzilla.suse.com/1027908 https://bugzilla.suse.com/1028281 https://bugzilla.suse.com/1028723 https://bugzilla.suse.com/1029523 https://bugzilla.suse.com/1042392 https://bugzilla.suse.com/1044095 https://bugzilla.suse.com/1044107 https://bugzilla.suse.com/1044175 https://bugzilla.suse.com/902364