Security update for openssl (important)

ID SUSE-SU-2012:0679-1
Type suse
Reporter Suse
Modified 2012-05-31T01:08:19


This update of openssl fixes the following denial of service vulnerabilities:

  • Denial of Service via CBC mode handling. (CVE-2012-2333 <<a rel="nofollow" href=""></a> > )
  • A deadlock condition introduced by the previous memory leak fix due to entering a lock twice. This would only happen in multithreaded programs.

In addition, openssl's cms subcommand (Crypthographic Message Syntax) has been enabled.