LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

SUSE alert SUSE-SU-2012:0637-1 (openssl)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-security-announce@opensuse.org 


Subject:
    	      [security-announce] SUSE-SU-2012:0637-1: important: Security update for openssl 


Date:
    	      Wed, 23 May 2012 01:08:20 +0200 (CEST)


Message-ID:
    	      <20120522230820.7402F32414@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0637-1
Rating:             important
References:         #749735 #758060 
Cross-References:   CVE-2012-2110
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   This update of openssl fixes an integer conversation issue
   which could  cause a heap-based memory corruption
   (CVE-2012-2110
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
   > ).

   Additionally, a check for negative buffer length values was
   added ( CVE-2012-2131
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
   >  ) and a memory leak when creating public keys fixed.



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      openssl-0.9.8a-18.68.1
      openssl-devel-0.9.8a-18.68.1
      openssl-doc-0.9.8a-18.68.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      openssl-32bit-0.9.8a-18.68.1
      openssl-devel-32bit-0.9.8a-18.68.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      openssl-x86-0.9.8a-18.68.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      openssl-64bit-0.9.8a-18.68.1
      openssl-devel-64bit-0.9.8a-18.68.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      openssl-0.9.8a-18.68.1
      openssl-devel-0.9.8a-18.68.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      openssl-32bit-0.9.8a-18.68.1
      openssl-devel-32bit-0.9.8a-18.68.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      openssl-doc-0.9.8a-18.68.1


References:

   http://support.novell.com/security/cve/CVE-2012-2110.html
   https://bugzilla.novell.com/749735
   https://bugzilla.novell.com/758060
   http://download.novell.com/patch/finder/?keywords=d67d562...

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds