Lucene search

K
suseSuseSUSE-SU-2015:1184-1
HistoryJul 03, 2015 - 4:05 p.m.

Security update for OpenSSL (important)

2015-07-0316:05:24
lists.opensuse.org
42

0.975 High

EPSS

Percentile

100.0%

OpenSSL 0.9.8j was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed
     by rejecting connections with DH parameters shorter than 1024 bits.
     We now also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent
     was fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an
     unknown hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to
     locking regression.
   * fixed a timing side channel in RSA decryption (bnc#929678)

Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled.
     This will only get active if applications get rebuilt and actually
     use this string. (bnc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)

Security Issues:

   * CVE-2015-1788
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788</a>&gt;
   * CVE-2015-1789
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789</a>&gt;
   * CVE-2015-1790
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790</a>&gt;
   * CVE-2015-1791
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791</a>&gt;
   * CVE-2015-1792
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792</a>&gt;
   * CVE-2015-3216
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216</a>&gt;
   * CVE-2015-4000
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</a>&gt;