Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="4444">
  <packager>vitezslav_cizek</packager>
  <issue tracker="bnc" id="957812">VUL-0: CVE-2015-3195: openssl: X509_ATTRIBUTE memory leak</issue>
  <issue tracker="bnc" id="952099">openssl s_client segfaults with typo in options, LTSS customer</issue>
  <issue tracker="cve" id="CVE-2015-3195"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for compat-openssl098</summary>
  <description>This update for compat-openssl098 fixes the following issues: 

Security issue fixed:

- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure
  OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS
  routines so any application which reads PKCS#7 or CMS data from untrusted
  sources is affected. SSL/TLS is not affected. (bsc#957812)

Non security issue fixed:

- Prevent segfault in s_client with invalid options (bsc#952099)

This update was imported from the SUSE:SLE-12:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places