File _patchinfo of Package patchinfo.3237

<patchinfo incident="3237">
  <issue id="995075" tracker="bnc">L3: sshd: fatal: cannot read from /dev/urandom, Interrupted system call</issue>
  <issue id="993819" tracker="bnc">VUL-1: CVE-2016-2182: openssl: Check for errors in BN_bn2dec()</issue>
  <issue id="999666" tracker="bnc">VUL-0: CVE-2016-6304: openssl: OCSP Status Request extension unbounded memory growth</issue>
  <issue id="999665" tracker="bnc">VUL-0: [TRACKERBUG]: openssl: Security Advisory [22 Sep 2016]</issue>
  <issue id="994749" tracker="bnc">VUL-0: CVE-2016-2181: openssl: Fix DTLS replay protection</issue>
  <issue id="999668" tracker="bnc">VUL-0: CVE-2016-6306: openssl: Certificate message OOB reads</issue>
  <issue id="998190" tracker="bnc">null pointer in openssl</issue>
  <issue id="983249" tracker="bnc">VUL-1: CVE-2016-2178: openssl: Fix DSA, preserve BN_FLG_CONSTTIME</issue>
  <issue id="982575" tracker="bnc">VUL-1: CVE-2016-2177: openssl: Avoid some undefined pointer arithmetic</issue>
  <issue id="995359" tracker="bnc">VUL-0: CVE-2016-2183: openssl: Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32)</issue>
  <issue id="994844" tracker="bnc">VUL-0: CVE-2016-2179: openssl1,openssl,compat-openssl098: remote denial of service via DTLS Finished Message</issue>
  <issue id="979475" tracker="bnc">openssl cms-test.pl failing due to expired certificates</issue>
  <issue id="995377" tracker="bnc">VUL-0: CVE-2016-6303: openssl: Avoid overflow in MDC2_Update</issue>
  <issue id="995324" tracker="bnc">VUL-1: CVE-2016-6302: openssl: Sanity check ticket length.</issue>
  <issue id="2016-6302" tracker="cve" />
  <issue id="2016-6303" tracker="cve" />
  <issue id="2016-6304" tracker="cve" />
  <issue id="2016-2179" tracker="cve" />
  <issue id="2016-6306" tracker="cve" />
  <issue id="2016-2178" tracker="cve" />
  <issue id="2016-2177" tracker="cve" />
  <issue id="2016-2182" tracker="cve" />
  <issue id="2016-2183" tracker="cve" />
  <issue id="2016-2181" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>vitezslav_cizek</packager>
  <description>
This update for compat-openssl098 fixes the following issues:

OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)

Severity: High
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666)

Severity: Low
* Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
* Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
* DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
* DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
* OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
* Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)
* Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
* OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
* Certificate message OOB reads (CVE-2016-6306) (bsc#999668)

More information can be found at: https://www.openssl.org/news/secadv/20160922.txt

Bugs fixed:
* update expired S/MIME certs (bsc#979475)
* fix crash in print_notice (bsc#998190)
* resume reading from /dev/urandom when interrupted by a signal (bsc#995075)
</description>
  <summary>Security update for compat-openssl098</summary>
</patchinfo>