Automatic conversion of the NetBSD pkgsrc CVS module, use with care
5be2a0a5f4
openSUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0130-1 Rating: important References: #911399 #912014 #912015 #912018 #912292 #912293 #912294 #912296 Cross-References: CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: openssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: http://openssl.org/news/secadv_20150108.txt Following issues were fixed: * CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. * CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. * CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. * CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues. * CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites * CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client certificates without sending certificate verify message. * CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record. References: http://support.novell.com/security/cve/CVE-2014-3569.html http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3571.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html http://support.novell.com/security/cve/CVE-2015-0206.html https://bugzilla.suse.com/show_bug.cgi?id=911399 https://bugzilla.suse.com/show_bug.cgi?id=912014 https://bugzilla.suse.com/show_bug.cgi?id=912015 https://bugzilla.suse.com/show_bug.cgi?id=912018 https://bugzilla.suse.com/show_bug.cgi?id=912292 https://bugzilla.suse.com/show_bug.cgi?id=912293 https://bugzilla.suse.com/show_bug.cgi?id=912294 https://bugzilla.suse.com/show_bug.cgi?id=912296 |
||
|---|---|---|
| archivers | ||
| audio | ||
| benchmarks | ||
| biology | ||
| bootstrap | ||
| cad | ||
| chat | ||
| comms | ||
| converters | ||
| cross | ||
| databases | ||
| devel | ||
| distfiles | ||
| doc | ||
| editors | ||
| emulators | ||
| filesystems | ||
| finance | ||
| fonts | ||
| games | ||
| geography | ||
| graphics | ||
| ham | ||
| inputmethod | ||
| lang | ||
| licenses | ||
| math | ||
| mbone | ||
| meta-pkgs | ||
| misc | ||
| mk | ||
| multimedia | ||
| net | ||
| news | ||
| packages | ||
| parallel | ||
| pkgtools | ||
| regress | ||
| security | ||
| shells | ||
| sysutils | ||
| templates | ||
| textproc | ||
| time | ||
| wm | ||
| www | ||
| x11 | ||
| Makefile | ||
| pkglocate | ||
| README | ||
$NetBSD: README,v 1.18 2005/05/07 22:18:28 wiz Exp $ Please see doc/pkgsrc.txt for information.