Problems found with existing digests:
Package suse131_libSDL
1c4d17a53bece6243cb3e6dd11c36d50f851a4f4 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_libdbus
de99fcfa8e2c7ced28caf38c24d217d6037aaa56 [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Package suse131_qt4
94daff738912c96ed8878ce1a131cd49fb379206 [recorded]
886206018431aee9f8a01e1fb7e46973e8dca9d9 [calculated]
Problems found locating distfiles for atari800, compat12, compat 13,
compat14, compat15, compat20, compat30, compat40, compat50,
compat50-x11, compat51, compat51-x11, compat60, compat61,
compat61-x11, fmsx, osf1_lib, vice, xbeeb, xm7.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
openSUSE Security Update: openssl: fixed elliptic curve handshake failure
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1474-1
Rating: low
References: #905037
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This openssl update fixes a TLS handshake problem when elliptic curves are
in use.
openSUSE Security Update: update for openssl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1331-1
Rating: important
References: #901223#901277
Cross-References: CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
CVE-2014-3568
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
The following issues were fixed in this release:
CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,
CVE-2014-3567: DTLS memory leak and session ticket memory leak
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer.
Description:
A use-after-free race condition in OpenSSL's read buffer
was fixed that could cause connections to drop
(CVE-2010-5298).
Bump PKGREVISION.
update for openssl
This is an openssl version update to 1.0.1g.
- The main reason for this upgrade was to be clear about
the TLS heartbeat problem know as "Heartbleed"
(CVE-2014-0160). That problem was already fixed in our
previous openssl update.
Bump PKGREVISION.
