Overview

File _patchinfo of Package patchinfo.2956

<patchinfo>
  <issue id="890767" tracker="bnc"/>
  <issue id="890768" tracker="bnc"/>
  <issue id="890769" tracker="bnc"/>
  <issue id="890764" tracker="bnc"/>
  <issue id="890766" tracker="bnc"/>
  <issue id="890770" tracker="bnc"/>
  <issue id="890771" tracker="bnc"/>
  <issue id="890772" tracker="bnc"/>
  <issue id="890765" tracker="bnc"/>
  <issue id="CVE-2014-3505" tracker="cve" />
  <issue id="CVE-2014-3506" tracker="cve" />
  <issue id="CVE-2014-3507" tracker="cve" />
  <issue id="CVE-2014-3512" tracker="cve" />
  <issue id="CVE-2014-3511" tracker="cve" />
  <issue id="CVE-2014-3510" tracker="cve" />
  <issue id="CVE-2014-3508" tracker="cve" />
  <issue id="CVE-2014-3509" tracker="cve" />
  <issue id="CVE-2014-5139" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>elvigia</packager>
  <description>This openssl update fixes the following security issues:

- openssl 1.0.1i
* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)
</description>
  <summary>update for openssl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places