SUSE alert SUSE-SU-2012:0674-1 (openssl)
| From: | opensuse-security@opensuse.org | |
| To: | opensuse-security-announce@opensuse.org | |
| Subject: | [security-announce] SUSE-SU-2012:0674-1: important: Security update for openssl | |
| Date: | Wed, 30 May 2012 23:08:17 +0200 (CEST) | |
| Message-ID: | <20120530210817.4C17832430@maintenance.suse.de> |
SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0674-1 Rating: important References: #739719 #742821 #748738 #749210 #749213 #749735 #751946 #758060 #761838 Cross-References: CVE-2006-7250 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0050 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update of openssl fixes the following security issues: * Denial of Service or crash via CBC mode handling. (CVE-2012-2333 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333 > ) * Incorrect integer conversions that could result in memory corruption. (CVE-2012-2110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 > , CVE-2012-2131 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131 > ) * Potential memory leak in multithreaded key creation. * Symmetric crypto errors in PKCS7_decrypt. * Free headers after use in error message. * S/MIME verification may erroneously fail. * Tolerating bad MIME headers in ANS.1 parser. (CVE-2012-1165 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165 > , CVE-2006-7250 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250 > ) * DTLS DoS Attack. (CVE-2012-0050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050 > ) * DTLS Plaintext Recovery Attack. (CVE-2011-4108 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108 > ) * Double-free in Policy Checks. (CVE-2011-4109 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 > ) * Uninitialized SSL 3.0 Padding. (CVE-2011-4576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 > ) * SGC Restart DoS Attack. (CVE-2011-4619 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 > ) Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): openssl-0.9.8a-18.45.63.1 openssl-devel-0.9.8a-18.45.63.1 openssl-doc-0.9.8a-18.45.63.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): openssl-32bit-0.9.8a-18.45.63.1 openssl-devel-32bit-0.9.8a-18.45.63.1 References: http://support.novell.com/security/cve/CVE-2006-7250.html http://support.novell.com/security/cve/CVE-2011-4108.html http://support.novell.com/security/cve/CVE-2011-4109.html http://support.novell.com/security/cve/CVE-2011-4576.html http://support.novell.com/security/cve/CVE-2011-4619.html http://support.novell.com/security/cve/CVE-2012-0050.html http://support.novell.com/security/cve/CVE-2012-1165.html http://support.novell.com/security/cve/CVE-2012-2110.html http://support.novell.com/security/cve/CVE-2012-2131.html http://support.novell.com/security/cve/CVE-2012-2333.html https://bugzilla.novell.com/739719 https://bugzilla.novell.com/742821 https://bugzilla.novell.com/748738 https://bugzilla.novell.com/749210 https://bugzilla.novell.com/749213 https://bugzilla.novell.com/749735 https://bugzilla.novell.com/751946 https://bugzilla.novell.com/758060 https://bugzilla.novell.com/761838 http://download.novell.com/patch/finder/?keywords=615504b... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org