SUSE-SU-2015:1183-2
- Source
- https://www.suse.com/support/update/announcement/2015/suse-su-20151183-2/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1183-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:1183-2
- Related
- Published
- 2015-06-19T09:33:13Z
- Modified
- 2015-06-19T09:33:13Z
- Summary
- Security update for compat-openssl097g
- Details
-
OpenSSL was updated to fix several security issues:
* CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * Fixed a timing side channel in RSA decryption. (bsc#929678)Additional changes:
* In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698)Security Issues:
* CVE-2015-1789 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789> * CVE-2015-1790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790> * CVE-2015-4000 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000> - References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20151183-2/
- https://bugzilla.suse.com/912014
- https://bugzilla.suse.com/912015
- https://bugzilla.suse.com/912018
- https://bugzilla.suse.com/912293
- https://bugzilla.suse.com/912296
- https://bugzilla.suse.com/922488
- https://bugzilla.suse.com/922496
- https://bugzilla.suse.com/922499
- https://bugzilla.suse.com/922500
- https://bugzilla.suse.com/922501
- https://bugzilla.suse.com/929678
- https://bugzilla.suse.com/931698
- https://bugzilla.suse.com/934489
- https://bugzilla.suse.com/934491
- https://www.suse.com/security/cve/CVE-2014-3570
- https://www.suse.com/security/cve/CVE-2014-3572
- https://www.suse.com/security/cve/CVE-2014-8275
- https://www.suse.com/security/cve/CVE-2015-0204
- https://www.suse.com/security/cve/CVE-2015-0205
- https://www.suse.com/security/cve/CVE-2015-0286
- https://www.suse.com/security/cve/CVE-2015-0287
- https://www.suse.com/security/cve/CVE-2015-0288
- https://www.suse.com/security/cve/CVE-2015-0289
- https://www.suse.com/security/cve/CVE-2015-0292
- https://www.suse.com/security/cve/CVE-2015-0293
- https://www.suse.com/security/cve/CVE-2015-1789
- https://www.suse.com/security/cve/CVE-2015-1790
- https://www.suse.com/security/cve/CVE-2015-4000