openssl update to version 1.0.1k
This update lifts the openssl library to version 1.0.1k which
contains new features such as protocol support for TLSv1.1
and TLSv1.2 and more improvements.
The patch also contains a rebuild of openssh to reflect the version change dependency (actually a bug in openssh to consider the version).
-
Submitted by
Wolfgang Rosenauer (wrosenauer)
Fixed bugs
bnc#857203
VUL-0: CVE-2013-6450: openssl: crash in DTLS renegotiation after packet loss
CVE-CVE-2011-0014
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message
bnc#670526
VUL-0: openssl: OCSP stapling vulnerability
bnc#720601
segmentation fault in svn
bnc#784994
VIA padlock support on 64 systems accidentally removed.
bnc#793420
VUL-1: CVE-2012-4929: apache2: CRIME attack
bnc#802184
VUL-0: CVE-2013-0169: Lucky Thirteen 13 Tracker Bug
bnc#803004
openSSL 1.0.1d breaks most, if not all, SSL connections
bnc#849377
segfault in libssl.so.1.0.0 after security upgrade of openssl/libopenssl
bnc#856687
VUL-0: CVE-2013-6449: openssl: crash when using TLS 1.2
bnc#774710
armv5 openssl compiled with -march=armv7-a
bnc#822642
VPN-openconnect problem - DTLS handshake failed
bnc#832833
openssl ssl_set_cert_masks() is broken, backport needed
bnc#857640
VUL-0: CVE-2013-4353: openssl: TLS record tampering issue can lead to OpenSSL crash
bnc#861384
update to openssl-1.0.1e-11.14.1 broke WebRTC functionality in FreeSWITCH
bnc#869945
VUL-0: CVE-2014-0076: openssl: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack
bnc#872299
VUL-0: CVE-2014-0160: openssl: "HeartBleed": missing bounds checks for heartbeat messages
bnc#873351
VUL-1: CVE-2010-5298: openssl: Use-after-free race condition,in OpenSSLs read buffer
bnc#876282
VUL-0: CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in do_ssl3_write
bnc#880891
VUL-0: EMBARGOED: OpenSSL: headsup OpenSSL release June 5th
bnc#901223
VUL-0: CVE-2014-3566: openssl: SSLv3 POODLE attack
bnc#901277
VUL-0: CVE-2014-3513, CVE-2014-3567: openssl: DTLS mem leak and session ticket mem leak
bnc#911399
VUL-0: CVE-2014-3569: openssl: remote denial of service when built with no-ssl3
bnc#912014
VUL-0: CVE-2015-0204: openssl: Only allow ephemeral RSA keys in export ciphersuites.
bnc#912015
VUL-0: CVE-2014-3572: openssl: ECDH downgrade bug fix
bnc#912018
VUL-0: CVE-2014-8275: openssl: Fix various certificate fingerprint issues
bnc#912292
VUL-0: CVE-2015-0206: openssl: memory leak can occur in dtls1_buffer_record
bnc#912293
VUL-0: CVE-2015-0205: openssl: Unauthenticated DH client certificate fix.
bnc#912294
VUL-0: CVE-2014-3571: openssl: Fix crash in dtls1_get_record
bnc#912296
VUL-0: CVE-2014-3570: openssl: Bignum squaring may produce incorrect results
bnc#919648
VUL-1: CVE-2015-0209: openssl: Fix a failure to NULL a pointer freed on error.
bnc#920236
VUL-1: CVE-2015-0288: openssl: x509: added missing public key is not NULL check
bnc#922488
VUL-1: CVE-2015-0293: openssl: Fix reachable assert in SSLv2 servers.
bnc#922496
VUL-1: CVE-2015-0286: openssl: Segmentation fault in ASN1_TYPE_cmp
bnc#922499
VUL-1: CVE-2015-0287: openssl: ASN.1 structure reuse memory corruption
bnc#922500
VUL-1: CVE-2015-0289: openssl: PKCS7 NULL pointer dereferences
