http://openssl.org/news/secadv_20150108.txt Following issues were ...">
openssl was updated to 1.0.1k to fix various security issues and bugs.
More information can be found in the openssl advisory:
<a href=“http://openssl.org/news/secadv_20150108.txt”>http://openssl.org/news/secadv_20150108.txt</a>
Following issues were fixed:
CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced
incorrect results on some platforms, including x86_64.
CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in
the listen state where you get two separate reads performed - one for
the header and one for the body of the handshake record.
CVE-2014-3572 (bsc#912015): Don’t accept a handshake using an ephemeral
ECDH ciphersuites with the server key exchange message omitted.
CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.
CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export
ciphersuites
CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client
certificates without sending certificate verify message.
CVE-2015-0206 (bsc#912292): A memory leak was fixed in
dtls1_buffer_record.
bugzilla.suse.com/show_bug.cgi?id=911399
bugzilla.suse.com/show_bug.cgi?id=912014
bugzilla.suse.com/show_bug.cgi?id=912015
bugzilla.suse.com/show_bug.cgi?id=912018
bugzilla.suse.com/show_bug.cgi?id=912292
bugzilla.suse.com/show_bug.cgi?id=912293
bugzilla.suse.com/show_bug.cgi?id=912294
bugzilla.suse.com/show_bug.cgi?id=912296