Overview

File _patchinfo of Package patchinfo.153

<patchinfo incident="153">
  <issue id="901223" tracker="bnc">L3: VUL-0: CVE-2014-3566: openssl: SSLv3 POODLE attack</issue>
  <issue id="901277" tracker="bnc">VUL-0: CVE-2014-3513, CVE-2014-3567: openssl: DTLS mem leak and session ticket mem leak</issue>
  <issue id="CVE-2014-3513" tracker="cve" />
  <issue id="CVE-2014-3568" tracker="cve" />
  <issue id="CVE-2014-3566" tracker="cve" />
  <issue id="CVE-2014-3567" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>openssl was updated to fix four security issues.

These security issues were fixed:
- SRTP Memory Leak (CVE-2014-3513).
- Session Ticket Memory Leak (CVE-2014-3567).
- Fixed incomplete no-ssl3 build option (CVE-2014-3568).
- Add support for TLS_FALLBACK_SCSV (CVE-2014-3566).

NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability.
OpenSSL only adds downgrade detection support for client applications.
See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.
</description>
  <summary>Security update for openssl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places