Overview

File _patchinfo of Package patchinfo.145

<patchinfo incident="145">
  <issue id="901223" tracker="bnc">VUL-0: CVE-2014-3566: openssl: SSLv3 POODLE attack</issue>
  <issue id="901277" tracker="bnc">VUL-0: CVE-2014-3513, CVE-2014-3567: openssl: DTLS mem leak and session ticket mem leak</issue>
  <issue id="CVE-2014-3568" tracker="cve" />
  <issue id="CVE-2014-3566" tracker="cve" />
  <issue id="CVE-2014-3567" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>compat-openssl098 was updated to fix three security issues.
	  
NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability.
OpenSSL only adds downgrade detection support for client applications.
See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.

These security issues were fixed:
- Session ticket memory leak (CVE-2014-3567).
- Fixed build option no-ssl3 (CVE-2014-3568).
- Added support for TLS_FALLBACK_SCSV (CVE-2014-3566).
</description>
  <summary>Security update for compat-openssl098</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places