SUSE: OPENSUSE-SU-2015:0130-1
History: Jan 23, 2015 - 8:05 p.m.

Security update for openssl (important)

2015-01-23 20:05:13
lists.opensuse.org
EPSS: 0.965 (High), percentile 99.5%

openssl was updated to 1.0.1k to fix various security issues and bugs.

More information can be found in the openssl advisory:
http://openssl.org/news/secadv_20150108.txt

The following issues were fixed:

  • CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced
    incorrect results on some platforms, including x86_64.

  • CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in
    the listen state where you get two separate reads performed - one for
    the header and one for the body of the handshake record.

  • CVE-2014-3572 (bsc#912015): Don’t accept a handshake using an ephemeral
    ECDH ciphersuite with the server key exchange message omitted.

  • CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.

  • CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export
    ciphersuites.

  • CVE-2015-0205 (bsc#912293): A fix was added to prevent use of DH client
    certificates without sending a certificate verify message.

  • CVE-2015-0206 (bsc#912292): A memory leak was fixed in
    dtls1_buffer_record.