Mailinglist Archive: opensuse-updates (170 mails)

< Previous Next >
openSUSE-SU-2016:0362-1: Security update for openssl
openSUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:0362-1
Rating: low
References: #963415
Cross-References: CVE-2015-3197
Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


This update for openssl fixes the following issues:

- CVE-2015-3197: A malicious client can negotiate SSLv2 ciphers that have
been disabled on the server and complete SSLv2 handshakes even if all
SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was
not also disabled via SSL_OP_NO_SSLv2. (boo#963415)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-154=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

libopenssl-devel-1.0.1k-2.30.1
libopenssl1_0_0-1.0.1k-2.30.1
libopenssl1_0_0-debuginfo-1.0.1k-2.30.1
libopenssl1_0_0-hmac-1.0.1k-2.30.1
openssl-1.0.1k-2.30.1
openssl-debuginfo-1.0.1k-2.30.1
openssl-debugsource-1.0.1k-2.30.1

- openSUSE 13.2 (x86_64):

libopenssl-devel-32bit-1.0.1k-2.30.1
libopenssl1_0_0-32bit-1.0.1k-2.30.1
libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.30.1
libopenssl1_0_0-hmac-32bit-1.0.1k-2.30.1

- openSUSE 13.2 (noarch):

openssl-doc-1.0.1k-2.30.1


References:

https://www.suse.com/security/cve/CVE-2015-3197.html
https://bugzilla.suse.com/963415


< Previous Next >
This Thread
  • No further messages