Overview

Request 358362 superseded

- update to 1.0.2f (boo#963410)
*) DH small subgroups (boo#963413)
Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC 5114
support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that are
not "safe" then an attacker could use this fact to find a peer's private
DH exponent. This attack requires that the attacker complete multiple
handshakes in which the peer uses the same private DH exponent. For example
this could be used to discover a TLS server's private DH exponent if it's
reusing the private DH exponent or it's using a static DH ciphersuite.
(CVE-2016-0701)
*) SSLv2 doesn't block disabled ciphers (boo#963415)
A malicious client can negotiate SSLv2 ciphers that have been disabled on
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
been disabled, provided that the SSLv2 protocol was not also disabled via
SSL_OP_NO_SSLv2.
(CVE-2015-3197)
*) Reject DH handshakes with parameters shorter than 1024 bits.
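
An added example (not part of this request or of OpenSSL's code): a Python audit of DH parameters for the two conditions the changelog names, a "safe" prime modulus and a length of at least 1024 bits. The function names and the toy moduli 2039 and 2311 are constructed for illustration; real parameters would be passed in as integers.

```python
import random

# Constructed toy moduli, far too short for real use:
SAFE_TOY_P = 2039      # 2039 = 2*1019 + 1 and 1019 is prime -> "safe" prime
UNSAFE_TOY_P = 2311    # prime, but (2311-1)/2 = 3*5*7*11 -> small subgroups

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0)  # fixed seed so audit runs are repeatable
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def audit_dh_params(p, g, min_bits=1024, trial_limit=10000):
    """Return a list of findings for modulus p and generator g (empty = OK)."""
    findings = []
    if p.bit_length() < min_bits:
        findings.append("modulus shorter than %d bits" % min_bits)
    if not is_probable_prime(p):
        findings.append("modulus is not prime")
        return findings
    if not 1 < g < p - 1:
        findings.append("generator out of range")
    q = (p - 1) // 2
    if not is_probable_prime(q):
        # Small prime factors of (p-1)/2 are the orders of the small subgroups.
        small = [f for f in range(3, trial_limit, 2)
                 if q % f == 0 and is_probable_prime(f)]
        findings.append("not a safe prime; small factors of (p-1)/2: %s"
                        % (small or "none below trial limit"))
    return findings
```

A modulus that is prime but not "safe" is not automatically broken; per the changelog, the exposure arises when the same private exponent is used across multiple handshakes.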

Request History
msmeissn created request



factory-auto added opensuse-review-team as a reviewer

Please review sources


factory-auto added factory-repo-checker as a reviewer

Please review build success


factory-auto accepted review

Check script succeeded


licensedigger accepted review


tittiatcoke accepted review


factory-repo-checker accepted review

Builds for repo Base:System/openSUSE_Tumbleweed


dimstar_suse set openSUSE:Factory:Staging:C as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:C"


dimstar_suse accepted review

Picked openSUSE:Factory:Staging:C


dimstar_suse accepted review

Removing from openSUSE:Factory:Staging:C, re-evaluation needed


dimstar_suse approved review

Removing from openSUSE:Factory:Staging:C, re-evaluation needed


dimstar_suse added factory-staging as a reviewer

Requesting new staging review


msmeissn superseded request

superseded by 363602
