Security update for OpenSSL (important)

ID SUSE-SU-2015:1185-1
Type suse
Reporter Suse
Modified 2015-07-03T16:06:39


OpenSSL 1.0.1 was updated to fix several security issues:

   * CVE-2015-4000: The Logjam Attack ( ) has been addressed
     by rejecting connections with DH parameters shorter than 1024 bits.
     2048-bit DH parameters are now generated by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent
     was fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an
     unknown hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2014-8176: Fixed an invalid free in DTLS.
   * Fixed a timing side channel in RSA decryption. (bsc#929678)

Security Issues:

   * CVE-2014-8176
     <<a  rel="nofollow" href=""></a>>
   * CVE-2015-1788
     <<a  rel="nofollow" href=""></a>>
   * CVE-2015-1789
     <<a  rel="nofollow" href=""></a>>
   * CVE-2015-1790
     <<a  rel="nofollow" href=""></a>>
   * CVE-2015-1791
     <<a  rel="nofollow" href=""></a>>
   * CVE-2015-1792
     <<a  rel="nofollow" href=""></a>>
   * CVE-2015-4000
     <<a  rel="nofollow" href=""></a>>