SUSE-SU-2015:1184-2

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151184-2/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1184-2.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1184-2
Related
Published
2013-03-25T15:10:09Z
Modified
2013-03-25T15:10:09Z
Summary
Security update for OpenSSL
Details

OpenSSL has been updated to fix several security issues:

* CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL
  compression by default. Setting the environment variable
  'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be used by physically
  local attackers to gain access to transmitted plain text or private
  keymaterial. This issue is also known as the 'Lucky-13' issue.
* CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.

Security Issue references:

* CVE-2013-0169
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169>
* CVE-2013-0166
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>
References

Affected packages