The OpenSSL cryptographic libraries have been updated to fix a protocol downgrade attack that allows a man-in-the-middle attacker to force the use of SSLv2. The flaw is in the work-around code enabled by SSL_OP_MSIE_SSLV2_RSA_PADDING, which is included in SSL_OP_ALL (an option commonly used in applications). (CAN-2005-2969)
Please install the updated packages. A work-around would be to disable SSL v2 support in the applications.
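
To find applications that still need the work-around, the following added example (not part of the advisory or of OpenSSL) scans C source text for the two option names above and reports whether `SSL_OP_NO_SSLv2` is set in the same file. `SSL_OP_NO_SSLv2` is OpenSSL's option for refusing SSLv2 and is not named in the advisory; the check is a per-file heuristic and the sample sources are constructed.

```python
import re

# Flag names come from the advisory; SSL_OP_NO_SSLv2 is OpenSSL's switch for
# refusing SSLv2 (the advisory's work-around), assumed here as the mitigation.
RISKY = {"SSL_OP_ALL", "SSL_OP_MSIE_SSLV2_RSA_PADDING"}
FIX = "SSL_OP_NO_SSLv2"
OP_RE = re.compile(r"\bSSL_OP_\w+")

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay valid."""
    keep_newlines = lambda m: "\n" * m.group(0).count("\n")
    src = re.sub(r"/\*.*?\*/", keep_newlines, src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def audit_source(src):
    """Return (verdict, risky_lines) for the text of one C source file."""
    risky_lines, has_fix = [], False
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        flags = set(OP_RE.findall(line))
        if flags & RISKY:
            risky_lines.append(lineno)   # a work-around flag is enabled here
        if FIX in flags:
            has_fix = True               # SSLv2 is switched off somewhere
    if not risky_lines:
        return "not-applicable", []
    return ("mitigated" if has_fix else "exposed"), risky_lines

# Constructed sample inputs (not taken from any real application).
VULNERABLE_SAMPLE = """\
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
/* SSL_OP_NO_SSLv2 is only mentioned in this comment, so it does not count */
SSL_CTX_set_options(ctx, SSL_OP_ALL);
"""
FIXED_SAMPLE = """\
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_SAMPLE), ("fixed", FIXED_SAMPLE)):
        print(name, audit_source(text))
```

A file reported as "exposed" may still disable SSLv2 elsewhere (another source file, a cipher list, or a fixed protocol method), so treat the result as a pointer for manual review.
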
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | x86_64 | openssl | < 0.9.7d-15.15.3 | openssl-0.9.7d-15.15.3.x86_64.rpm |
openSUSE | 10.0 | x86_64 | openssl-devel-32bit | < 0.9.7g-2.2 | openssl-devel-32bit-0.9.7g-2.2.x86_64.rpm |
openSUSE | 9.2 | x86_64 | openssl-32bit | < 9.2-200510160152 | openssl-32bit-9.2-200510160152.x86_64.rpm |
openSUSE | 10.0 | x86_64 | openssl | < 0.9.7g-2.2 | openssl-0.9.7g-2.2.x86_64.rpm |
openSUSE | 9.1 | i586 | openssl-devel | < 0.9.7d-15.15.3 | openssl-devel-0.9.7d-15.15.3.i586.rpm |
openSUSE | 9.3 | i586 | openssl-devel | < 0.9.7e-3.2 | openssl-devel-0.9.7e-3.2.i586.rpm |
openSUSE | 9.2 | x86_64 | openssl | < 0.9.7d-25.2 | openssl-0.9.7d-25.2.x86_64.rpm |
openSUSE | 9.2 | i586 | openssl | < 0.9.7d-25.2 | openssl-0.9.7d-25.2.i586.rpm |
openSUSE | 9.0 | x86_64 | openssl-devel | < 0.9.7b-135 | openssl-devel-0.9.7b-135.x86_64.rpm |
openSUSE | 9.1 | i586 | openssl-32bit | < 9.1-200510151708 | openssl-32bit-9.1-200510151708.i586.rpm |