Overview Details Repositories Revisions Requests Users Attributes Meta
update for openssl

This openssl update fixes the following security issues:

- openssl 1.0.1i
* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)

Fixed bugs
bnc#890767
VUL-0: CVE-2014-3505: openssl: Double Free when processing DTLS packets
bnc#890768
VUL-0: CVE-2014-3506: openssl: DTLS memory exhaustion
bnc#890769
VUL-0: CVE-2014-3507: openssl: DTLS memory leak from zero-length fragments
bnc#890764
VUL-1: CVE-2014-3508: openssl: Information leak in pretty printing functions
bnc#890766
VUL-0: CVE-2014-3509: openssl: Race condition in ssl_parse_serverhello_tlsext
bnc#890770
VUL-0: CVE-2014-3510: openssl: DTLS anonymous EC(DH) denial of service
bnc#890771
VUL-0: CVE-2014-3511: openssl: TLS protocol downgrade attack
bnc#890772
VUL-0: CVE-2014-3512: openssl: SRP buffer overrun
bnc#890765
VUL-0: CVE-2014-5139: openssl: Crash with SRP ciphersuite in Server Hello message
CVE-CVE-2014-3505
CVE-CVE-2014-3506
CVE-CVE-2014-3507
CVE-CVE-2014-3512
CVE-CVE-2014-3511
CVE-CVE-2014-3510
CVE-CVE-2014-3508
CVE-CVE-2014-3509
CVE-CVE-2014-5139
Selected Binaries
openSUSE Build Service is sponsored by
Places