Mailinglist Archive: opensuse-security-announce (68 mails)

< Previous Next >
[security-announce] SUSE-SU-2016:1360-1: important: Security update for openssl
SUSE Security Update: Security update for openssl

Announcement ID: SUSE-SU-2016:1360-1
Rating: important
References: #968050 #973223 #976942 #976943 #977614 #977615
Cross-References: CVE-2016-0702 CVE-2016-2105 CVE-2016-2106
CVE-2016-2108 CVE-2016-2109
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS

An update that solves 5 vulnerabilities and has two fixes
is now available.


This update for OpenSSL fixes the following security issues:

* CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
* CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
* CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
* CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
* CVE-2016-0702: Side channel attack on modular exponentiation
"CacheBleed" (bsc#968050)

Additionally, the following non-security issues have been fixed:

* Fix buffer overrun in ASN1_parse. (bsc#976943)
* Allow weak DH groups. (bsc#973223)

Security Issues:

* CVE-2016-2105
* CVE-2016-2106
* CVE-2016-2108
* CVE-2016-2109
* CVE-2016-0702

Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):


- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages