
261 matches found

OSV
added 2016/03/03 11:2 a.m. | 9 views

SUSE-SU-2016:0641-1 Security update for openssl

This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher...

CVSS 10 | AI score 7.1 | EPSS 0.90348
Exploits 3 | References 15
OSV
added 2016/03/02 6:28 p.m. | 12 views

MGASA-2016-0093 Updated openssl packages fix security vulnerabilities

Update openssl packages fix security vulnerabilities: Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the...

CVSS 10 | AI score 8.5 | EPSS 0.41276
Exploits 1 | References 4
OSV
added 2016/03/01 3:6 p.m. | 9 views

SUSE-SU-2016:0624-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10 | AI score 7.2 | EPSS 0.90348
Exploits 3 | References 17
OSV
added 2016/03/01 1:48 p.m. | 6 views

SUSE-SU-2016:0620-1 Security update for openssl

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10 | AI score 7.2 | EPSS 0.90348
Exploits 3 | References 20
OSV
added 2016/03/01 1:29 p.m. | 8 views

SUSE-SU-2016:0617-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10 | AI score 7.3 | EPSS 0.90348
Exploits 3 | References 21
OSV
added 2016/03/01 1:29 p.m. | 7 views

SUSE-SU-2016:0621-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10 | AI score 7.2 | EPSS 0.90348
Exploits 3 | References 20
Prion
added 2016/02/15 2:59 a.m. | 37 views

Design/Logic Flaw

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

CVSS 2.6 | AI score 7 | EPSS 0.27483
Exploits 1 | References 24 | Affected Software 1
OSV
added 2016/02/09 1:5 p.m. | 8 views

MGASA-2016-0056 Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerability: OpenSSL before 1.0.2f would allow for a process to re-use the same private Diffie-Hellman exponent repeatedly during its entire lifetime, which, given that it also allows to use custom DH parameters which may be based on unsafe primes, could...

CVSS 5.9 | AI score 6.2 | EPSS 0.27483
Exploits 2 | References 3
OSV
added 2015/12/15 8:30 p.m. | 8 views

SUSE-SU-2015:2275-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS7 and CMS routines so any application which reads PKCS7 or CMS data from untrusted sources is affected. SSL/TLS...

CVSS 5.3 | AI score 6.2 | EPSS 0.03481
Exploits 1 | References 4
OSV
added 2015/12/09 3:47 p.m. | 8 views

SUSE-SU-2015:2237-1 Security update for openssl

This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines...

CVSS 7.5 | AI score 6.6 | EPSS 0.54488
Exploits 1 | References 10
OSV
added 2015/06/19 1:33 p.m. | 9 views

MGASA-2015-0246 Updated openssl package fixes security vulnerabilities

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000). When processing an ECParameters structure OpenSSL...

CVSS 7.5 | AI score 6.3 | EPSS 0.92346
Exploits 6 | References 4
OSV
added 2015/06/19 9:33 a.m. | 11 views

SUSE-SU-2015:1183-2 Security update for compat-openssl097g

OpenSSL was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed...

CVSS 7.5 | AI score 7.2 | EPSS 0.92346
Exploits 1 | References 29
OSV
added 2015/06/19 9:33 a.m. | 11 views

SUSE-SU-2015:0547-1 Security update for compat-openssl097g

OpenSSL was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed...

CVSS 7.5 | AI score 7.2 | EPSS 0.92346
Exploits 1 | References 29
OSV
added 2015/03/19 10:59 p.m. | 3 views

CVE-2015-0287

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory...

AI score 6.3
Exploits 0 | References 49
OSV
added 2015/03/18 6:42 p.m. | 7 views

SUSE-SU-2015:0553-2 Security update for compat-openssl098

OpenSSL was updated to fix various security issues. Following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

CVSS 7.5 | AI score 7.2 | EPSS 0.21097
Exploits 1 | References 17
OSV
added 2015/03/18 6:42 p.m. | 5 views

SUSE-SU-2015:0553-1 Security update for compat-openssl098

OpenSSL was updated to fix various security issues. Following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

CVSS 7.5 | AI score 7.2 | EPSS 0.21097
Exploits 1 | References 17
OSV
added 2015/03/18 2:19 p.m. | 5 views

SUSE-SU-2015:0541-1 Security update for openssl

OpenSSL was updated to fix various security issues. Following security issues were fixed: - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

CVSS 6.8 | AI score 7.2 | EPSS 0.21097
Exploits 0 | References 13
OSV
added 2015/02/04 12:44 p.m. | 8 views

SUSE-SU-2015:0305-1 Security update for compat-openssl098

The openssl 0.9.8j compatibility package was updated to fix several security vulnerabilities: CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. CVE-2014-3571: Fix crash in dtls1_get_record whilst in the listen state where you get two separate rea...

CVSS 7.4 | AI score 6.3 | EPSS 0.91945
Exploits 9 | References 15
OSV
added 2014/10/24 10:7 p.m. | 9 views

SUSE-SU-2015:1182-2 Security update for OpenSSL

This OpenSSL update fixes the following issues: Session Ticket Memory Leak (CVE-2014-3567); Build option no-ssl3 is incomplete (CVE-2014-3568); Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE). Security Issues: CVE-2014-3567 CVE-2014-3566 CVE-2014-3568...

CVSS 7.5 | AI score 7.4 | EPSS 0.93538
Exploits 22 | References 72
OSV
added 2014/10/24 10:7 p.m. | 7 views

SUSE-SU-2015:1184-1 Security update for OpenSSL

This OpenSSL update fixes the following issues: Session Ticket Memory Leak (CVE-2014-3567); Build option no-ssl3 is incomplete (CVE-2014-3568); Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE). Security Issues: CVE-2014-3567 CVE-2014-3566 CVE-2014-3568...

CVSS 9.3 | AI score 7.5 | EPSS 0.93538
Exploits 31 | References 118