openssl: security and bugfix update to 1.0.0k
openssl was updated to 1.0.0k security release
to fix bugs and security issues. (bnc#802648 bnc#802746)
The version was upgraded to avoid backporting the large fixes for
SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
OCSP invalid key DoS issue (CVE-2013-0166)
Also the following bugfix was included:
bnc#757773 - c_rehash to accept more filename extensions
-
Submitted by
Marcus Meissner (msmeissn)
Fixed bugs
bnc#802648
VUL-0: CVE-2013-0169: openssl 1.0.1d/1.0.0k/0.9.8y release (lucky thirteen 13)
bnc#802746
VUL-0: CVE-2013-0166: openssl: OCSP invalid key DoS issue
bnc#757773
ldap-client yast module requires certificates with "*.pem" name schema
CVE-CVE-2012-0027
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
CVE-CVE-2011-4577
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or
CVE-CVE-2011-4576
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an S
CVE-CVE-2012-1165
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerabil
CVE-CVE-2011-4108
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
CVE-CVE-2012-0050
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
CVE-CVE-2012-2110
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial
CVE-CVE-2012-0884
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Mes
CVE-CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.
