Mailinglist Archive: opensuse-security (8 mails)

[opensuse-security] Re: [security-announce] openSUSE not affected by OpenSSL CVE-2015-1793
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Thu, 09 Jul 2015 16:50:20 +0200
  • Message-id: <559E8A2C.50708@suse.de>

Very good!

Thomas

On 07/09/2015 04:07 PM, Andreas Stieger wrote:
Dear openSUSE users,

The OpenSSL Project recently pre-announced [1], and now has released [2]
an advisory for a security issue with a severity rated "high". This was
picked up in various news articles [3] [4]. A detail which was not known
to the general public at the time when these were written was that the
issue affects 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o specifically. The fixed
releases are 1.0.1p and 1.0.2d, and CVE-2015-1793 was assigned to the issue.

The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected.
The openSUSE Tumbleweed distribution never received a vulnerable version
and was never affected. The next submission into Factory will skip any
vulnerable versions.

We have updated the Bugzilla entry [5] and CVE page [6] to that effect.

[1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
[2] https://www.openssl.org/news/secadv_20150709.txt
[3] http://www.heise.de/security/meldung/Kritischer-OpenSSL-Patch-voraus-2739804.html
[4] http://www.securityweek.com/openssl-preparing-updates-patch-high-severity-vulnerability
[5] https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2015-1793
[6] https://www.suse.com/security/cve/CVE-2015-1793.html

On behalf of the SUSE Security team,
Andreas Stieger



--
Thomas Biege <thomas@xxxxxxx>, Team Leader MaintenanceSecurity, CSSLP
SUSE Linux GmbH, GF: Felix Imendoerffer, Jane Smithard,
Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach
