SUSE:SLE-12-SP2:Update
File _patchinfo of Package patchinfo.302
<patchinfo incident="302">
  <issue id="895129" tracker="bnc">FIPS: openssl: ruby/python hangs when doing ssl when using fips=1</issue>
  <issue id="912015" tracker="bnc">VUL-0: CVE-2014-3572: openssl: ECDH downgrade bug fix</issue>
  <issue id="855676" tracker="bnc">FIPS: openssl tracker bug</issue>
  <issue id="912018" tracker="bnc">VUL-0: CVE-2014-8275: openssl: Fix various certificate fingerprint issues</issue>
  <issue id="906878" tracker="bnc">L3-Question: openssl1 client doesn't negotiate EC curve</issue>
  <issue id="912296" tracker="bnc">VUL-0: CVE-2014-3570: openssl: Bignum squaring may produce incorrect results</issue>
  <issue id="912294" tracker="bnc">VUL-0: CVE-2014-3571: openssl: Fix crash in dtls1_get_record</issue>
  <issue id="912293" tracker="bnc">VUL-0: CVE-2015-0205: openssl: Unauthenticated DH client certificate fix.</issue>
  <issue id="912292" tracker="bnc">VUL-0: CVE-2015-0206: openssl: memory leak can occur in dtls1_buffer_record</issue>
  <issue id="908372" tracker="bnc">FIPS: openssl: constant reseeding when using /dev/urandom</issue>
  <issue id="912014" tracker="bnc">VUL-0: CVE-2015-0204: openssl: Only allow ephemeral RSA keys in export ciphersuites.</issue>
  <issue id="908362" tracker="bnc">FIPS: openssl: make RSA key generation more strict (BSI advice)</issue>
  <issue id="901902" tracker="bnc">FIPS: openssl: RSA not FIPS 186-4 compliant</issue>
  <issue id="CVE-2014-3571" tracker="cve" />
  <issue id="CVE-2014-3570" tracker="cve" />
  <issue id="CVE-2014-3572" tracker="cve" />
  <issue id="CVE-2014-8275" tracker="cve" />
  <issue id="CVE-2015-0205" tracker="cve" />
  <issue id="CVE-2015-0204" tracker="cve" />
  <issue id="CVE-2015-0206" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>
OpenSSL was updated to fix security issues and also provide FIPS compliance.

Security issues fixed:
CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.
CVE-2014-3571: Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.
CVE-2014-3572: No longer accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted.
CVE-2014-8275: Fixed various certificate fingerprint issues.
CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites.
CVE-2015-0205: Fix to prevent use of DH client certificates without sending certificate verify message.
CVE-2015-0206: A memory leak could have occurred in dtls1_buffer_record.

Bugfixes:
- Do not advertise curves we don't support (bsc#906878)

FIPS changes:
- Make RSA2 key generation FIPS 186-4 compliant (bsc#901902)
- X9.31 rand method is not allowed in FIPS mode.
- Do not allow dynamic ENGINEs loading in FIPS mode.
- Added a locking hack which prevents hangs in FIPS mode (bsc#895129)
- In non-FIPS RSA key generation, mirror the maximum and minimum limiters from FIPS rsa generation to meet Common Criteria and BSI TR requirements on minimum and maximum distances between p and q. (bsc#908362)
- Do constant reseeding from /dev/urandom; for every random byte pulled, seed with one byte from /dev/urandom, also change RAND_poll to pull the full state size of the SSLEAY DRBG to fulfil Common Criteria requirements. (bsc#908372)

FIPS mode can be enabled by either using the environment variable OPENSSL_FORCE_FIPS_MODE=1 or supplying the "fips=1" parameter on the kernel boot commandline.
  </description>
  <summary>Security update for openssl</summary>
</patchinfo>