Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for libopenssl0_9_8

This update for libopenssl0_9_8 fixes the following issues:

- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050)
- bsc#976943: Buffer overrun in ASN1_parse

and updates the package to version 0.9.8zh which collects many other
fixes, including security ones.

Fixed bugs
CVE-2015-3197
CVE-2016-0702
CVE-2016-0797
CVE-2016-0799
CVE-2016-0800
CVE-2016-2105
CVE-2016-2106
CVE-2016-2108
CVE-2016-2109
bnc#968046
VUL-0: CVE-2016-0800: openssl: Cross-protocol attack on TLS using SSLv2 (DROWN)
bnc#968374
VUL-1: CVE-2016-0799: openssl: memory issues in BIO_*printf functions
bnc#968048
VUL-1: CVE-2016-0797: openssl: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
bnc#968050
VUL-1: CVE-2016-0702: openssl: Side channel attack on modular exponentiation "CacheBleed"
bnc#963415
VUL-1: CVE-2015-3197: openssl: SSLv2 doesnt block disabled ciphers
bnc#976942
VUL-1: CVE-2016-2109: openssl: Harden ASN.1 BIO handling of large amounts of data.
bnc#976943
VUL-1: openssl: Fix buffer overrun in ASN1_parse()
bnc#977614
VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow
bnc#977615
VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow
bnc#977617
VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder
Selected Binaries
openSUSE Build Service is sponsored by
Places