Security update for OpenSSL (critical)

2014-06-07T00:04:15
ID SUSE-SU-2014:0768-1
Type suse
Reporter Suse
Modified 2014-06-07T00:04:15

Description

OpenSSL was updated to fix the following security vulnerabilities:

   * SSL/TLS MITM vulnerability. (CVE-2014-0224)
   * ECC private key can leak on 32 bit platforms. (CVE-2011-4354)

Further information can be found at <a rel="nofollow" href="http://www.openssl.org/news/secadv_20140605.txt">http://www.openssl.org/news/secadv_20140605.txt</a> <<a rel="nofollow" href="http://www.openssl.org/news/secadv_20140605.txt">http://www.openssl.org/news/secadv_20140605.txt</a>> .

Security Issues references:

   * CVE-2014-0224
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224&lt;/a&gt;&gt;
   * CVE-2011-4354
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354&lt;/a&gt;&gt;