Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
patchinfo.305
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.305
<patchinfo incident="305"> <issue id="912015" tracker="bnc">VUL-0: CVE-2014-3572: openssl: ECDH downgrade bug fix</issue> <issue id="912014" tracker="bnc">VUL-0: CVE-2015-0204: openssl: Only allow ephemeral RSA keys in export ciphersuites.</issue> <issue id="912018" tracker="bnc">VUL-0: CVE-2014-8275: openssl: Fix various certificate fingerprint issues</issue> <issue id="892403" tracker="bnc">openssl fix causes postfix errors when using TLS to communicate with relay server</issue> <issue id="912296" tracker="bnc">VUL-0: CVE-2014-3570: openssl: Bignum squaring may produce incorrect results</issue> <issue id="912294" tracker="bnc">VUL-0: CVE-2014-3571: openssl: Fix crash in dtls1_get_record</issue> <issue id="912293" tracker="bnc">VUL-0: CVE-2015-0205: openssl: Unauthenticated DH client certificate fix.</issue> <issue id="CVE-2014-3571" tracker="cve" /> <issue id="CVE-2014-3570" tracker="cve" /> <issue id="CVE-2014-3572" tracker="cve" /> <issue id="CVE-2014-0224" tracker="cve" /> <issue id="CVE-2014-8275" tracker="cve" /> <issue id="CVE-2015-0205" tracker="cve" /> <issue id="CVE-2015-0204" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>vitezslav_cizek</packager> <description> The openssl 0.9.8j compatibility package was updated to fix several security vulnerabilities: CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. CVE-2014-3571: Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3572: Do not accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. CVE-2014-8275: Fixed various certificate fingerprint issues CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites CVE-2015-0205: OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping of certificate verify message for sign only certificates anyway. (This patch only fixes the wrong condition) This update also fixes regression caused by CVE-2014-0224.patch (bnc#892403) </description> <summary>Security update for compat-openssl098</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor