Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:13.1:Update
patchinfo.3429
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.3429
<patchinfo incident="3429"> <category>security</category> <rating>important</rating> <packager>elvigia</packager> <summary>Security update for openssl</summary> <description> openssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: http://openssl.org/news/secadv_20150108.txt Following issues were fixed: * CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. * CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. * CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. * CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues. * CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites * CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client certificates without sending certificate verify message. * CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record. </description> <issue tracker="bnc" id="911399"/> <issue tracker="bnc" id="912014"/> <issue tracker="bnc" id="912015"/> <issue tracker="bnc" id="912018"/> <issue tracker="bnc" id="912292"/> <issue tracker="bnc" id="912293"/> <issue tracker="bnc" id="912294"/> <issue tracker="bnc" id="912296"/> <issue tracker="cve" id="CVE-2014-3570"/> <issue tracker="cve" id="CVE-2014-8275"/> <issue tracker="cve" id="CVE-2015-0204"/> <issue tracker="cve" id="CVE-2015-0205"/> <issue tracker="cve" id="CVE-2014-3569"/> <issue tracker="cve" id="CVE-2014-3571"/> <issue tracker="cve" id="CVE-2014-3572"/> <issue tracker="cve" id="CVE-2015-0206"/> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor