Mailinglist Archive: opensuse-security-announce (53 mails)

< Previous Next >
[security-announce] openSUSE not affected by OpenSSL CVE-2015-1793
Dear openSUSE users,

The OpenSSL Project recently pre-announced [1], and how has released [2]
an advisory for a security issue with a severity rated "high". This was
picked up in various news articles [3] [4]. A detail which was not known
to the general public at the time when these were written was that the
issue affects 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o specifically. The fixed
releases are 1.0.1p and 1.0.2d, and CVE-2015-1793 was assigned to the issue.

The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected.
The openSUSE Tumbleweed distribution never received a vulnerable version
and was never affected. The next submission into Factory will skip any
vulnerable versions.

We have updated the Bugzilla entry [5] and CVE page [6] to that effect.

[1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
[2] https://www.openssl.org/news/secadv_20150709.txt
[3]
http://www.heise.de/security/meldung/Kritischer-OpenSSL-Patch-voraus-2739804.html
[4]
http://www.securityweek.com/openssl-preparing-updates-patch-high-severity-vulnerability
[5] https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2015-1793
[6] https://www.suse.com/security/cve/CVE-2015-1793.html

On behalf of the SUSE Security team,
Andreas Stieger

--
Andreas Stieger <astieger@xxxxxxxx>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Dilip Upmanyu, Graham
Norton, HRB 21284 (AG N├╝rnberg)


< Previous Next >
Follow Ups