SUSE-SU-2015:1143-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151143-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1143-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1143-1
Related
Published
2015-06-17T14:42:51Z
Modified
2015-06-17T14:42:51Z
Summary
Security update for openssl
Details

This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698) * The Logjam Attack / weakdh.org * reject connections with DH parameters shorter than 1024 bits * generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) * Malformed ECParameters causes infinite loop - CVE-2015-1789 (bsc#934489) * Exploitable out-of-bounds read in X509cmptime - CVE-2015-1790 (bsc#934491) * PKCS7 crash with missing EnvelopedContent - CVE-2015-1792 (bsc#934493) * CMS verify infinite loop with unknown hash function - CVE-2015-1791 (bsc#933911) * race condition in NewSessionTicket - CVE-2015-3216 (bsc#933898) * Crash in ssleayrandbytes due to locking regression - fix a timing side channel in RSA decryption (bnc#929678)

References

Affected packages

SUSE:Linux Enterprise Desktop 12 / openssl

Package

Name
openssl
Purl
purl:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1i-25.1

Ecosystem specific

{
    "binaries": [
        {
            "openssl": "1.0.1i-25.1",
            "libopenssl1_0_0": "1.0.1i-25.1",
            "libopenssl1_0_0-32bit": "1.0.1i-25.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 / openssl

Package

Name
openssl
Purl
purl:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1i-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libopenssl-devel": "1.0.1i-25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / openssl

Package

Name
openssl
Purl
purl:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1i-25.1

Ecosystem specific

{
    "binaries": [
        {
            "openssl": "1.0.1i-25.1",
            "libopenssl1_0_0": "1.0.1i-25.1",
            "libopenssl1_0_0-32bit": "1.0.1i-25.1",
            "libopenssl1_0_0-hmac": "1.0.1i-25.1",
            "openssl-doc": "1.0.1i-25.1",
            "libopenssl1_0_0-hmac-32bit": "1.0.1i-25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / openssl

Package

Name
openssl
Purl
purl:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1i-25.1

Ecosystem specific

{
    "binaries": [
        {
            "openssl": "1.0.1i-25.1",
            "libopenssl1_0_0": "1.0.1i-25.1",
            "libopenssl1_0_0-32bit": "1.0.1i-25.1",
            "libopenssl1_0_0-hmac": "1.0.1i-25.1",
            "openssl-doc": "1.0.1i-25.1",
            "libopenssl1_0_0-hmac-32bit": "1.0.1i-25.1"
        }
    ]
}