Security update for openssl (important)

2012-05-31T01:08:19
ID SUSE-SU-2012:0679-1
Type suse
Reporter Suse
Modified 2012-05-31T01:08:19

Description

This update of openssl fixes the following denial of service vulnerabilities:

  • Denial of Service via CBC mode handling. (CVE-2012-2333 <<a rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333</a> > )
  • A deadlock condition introduced by the previous memory leak fix due to entering a lock twice. This would only happen in multithreaded programs.

In addition, openssl's cms subcommand (Crypthographic Message Syntax) has been enabled.