Overview

File _patchinfo of Package patchinfo.2467

<patchinfo incident="2467">
  <issue id="889013" tracker="bnc">Package 'openssl' contains 'SuSE' spelling in a filename and/or SPEC file</issue>
  <issue id="976943" tracker="bnc">VUL-1: openssl: Fix buffer overrun in ASN1_parse()</issue>
  <issue id="976942" tracker="bnc">VUL-1: CVE-2016-2109: openssl: Harden ASN.1 BIO handling of large amounts of data.</issue>
  <issue id="968050" tracker="bnc">VUL-1: CVE-2016-0702: openssl: Side channel attack on modular exponentiation "CacheBleed"</issue>
  <issue id="977617" tracker="bnc">VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder</issue>
  <issue id="977614" tracker="bnc">VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow</issue>
  <issue id="977615" tracker="bnc">VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow</issue>
  <issue id="CVE-2016-2105" tracker="cve" />
  <issue id="CVE-2016-0702" tracker="cve" />
  <issue id="CVE-2016-2106" tracker="cve" />
  <issue id="CVE-2016-2109" tracker="cve" />
  <issue id="CVE-2016-2108" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for compat-openssl098 fixes the following issues:

- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050)
- bsc#976943: Buffer overrun in ASN1_parse

The following non-security bugs were fixed:

- bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)
</description>
  <summary>Security update for compat-openssl098</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places