Lucene search

K
suseSuseSUSE-SU-2014:1357-1
HistoryNov 04, 2014 - 11:04 p.m.

Security update for openssl1 (important)

2014-11-0423:04:45
lists.opensuse.org
29

0.975 High

EPSS

Percentile

100.0%

This OpenSSL update fixes the following issues:

   * SRTP Memory Leak (CVE-2014-3513)
   * Session Ticket Memory Leak (CVE-2014-3567)
   * Build option no-ssl3 is incomplete (CVE-2014-3568)
   * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)

Security Issues:

   * CVE-2014-3513
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513</a>&gt;
   * CVE-2014-3567
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567</a>&gt;
   * CVE-2014-3566
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>&gt;
   * CVE-2014-3568
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568</a>&gt;