Overview

File _patchinfo of Package patchinfo.3429

<patchinfo incident="3429">
  <category>security</category>
  <rating>important</rating>
  <packager>elvigia</packager>
  <summary>Security update for openssl</summary>
  <description>
openssl was updated to 1.0.1k to fix various security
issues and bugs.

More information can be found in the openssl advisory:
    http://openssl.org/news/secadv_20150108.txt

Following issues were fixed:

* CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.

* CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.

* CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted.

* CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.

* CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites

* CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client certificates without sending certificate verify message.

* CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record.
</description>
  <issue tracker="bnc" id="911399"/>
  <issue tracker="bnc" id="912014"/>
  <issue tracker="bnc" id="912015"/>
  <issue tracker="bnc" id="912018"/>
  <issue tracker="bnc" id="912292"/>
  <issue tracker="bnc" id="912293"/>
  <issue tracker="bnc" id="912294"/>
  <issue tracker="bnc" id="912296"/>
  <issue tracker="cve" id="CVE-2014-3570"/>
  <issue tracker="cve" id="CVE-2014-8275"/>
  <issue tracker="cve" id="CVE-2015-0204"/>
  <issue tracker="cve" id="CVE-2015-0205"/>
  <issue tracker="cve" id="CVE-2014-3569"/>
  <issue tracker="cve" id="CVE-2014-3571"/>
  <issue tracker="cve" id="CVE-2014-3572"/>
  <issue tracker="cve" id="CVE-2015-0206"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places