OpenSSL was updated to fix several security issues.
* CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed
by rejecting connections with DH parameters shorter than 1024 bits.
We now also generate 2048-bit DH parameters by default.
* CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
* CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
* CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent
was fixed.
* Fixed a timing side channel in RSA decryption (bnc#929678)
Additional changes:
EXPORT ciphers are now disabled in the default SSL cipher string. This only
takes effect for applications that are rebuilt and actually use this string.
(bnc#931698)
Security Issues:
* CVE-2015-1788
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788>
* CVE-2015-1789
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789>
* CVE-2015-1790
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790>
* CVE-2015-4000
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000>
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
SLE CLIENT TOOLS | 10 | x86_64 | openssl-32bit | < 0.9.8a-18.92.1 | openssl-32bit-0.9.8a-18.92.1.x86_64.rpm |
SLE CLIENT TOOLS | 10 | x86_64 | openssl | < 0.9.8a-18.92.1 | openssl-0.9.8a-18.92.1.x86_64.rpm |
SLE CLIENT TOOLS | 10 | i586 | openssl | < 0.9.8a-18.92.1 | openssl-0.9.8a-18.92.1.i586.rpm |
SLE CLIENT TOOLS | 10 | s390x | openssl-32bit | < 0.9.8a-18.92.1 | openssl-32bit-0.9.8a-18.92.1.s390x.rpm |
SLE CLIENT TOOLS | 10 | s390x | openssl | < 0.9.8a-18.92.1 | openssl-0.9.8a-18.92.1.s390x.rpm |