Security update for compat-openssl098

SUSE Security Update: Security update for compat-openssl098
Announcement ID: SUSE-SU-2015:1150-1
Rating: important
References: #879179 #929678 #931698 #933898 #933911 #934487 #934489 #934491 #934493
Affected Products:
  • SUSE Linux Enterprise Module for Legacy Software 12
  • SUSE Linux Enterprise Desktop 12

  • An update that solves 7 vulnerabilities and has two fixes is now available.

    Description:


    This update fixes the following security issues:

    - CVE-2015-4000 (boo#931698)
    * The Logjam Attack / weakdh.org
    * reject connections with DH parameters shorter than 1024 bits
    * generates 2048-bit DH parameters by default
    - CVE-2015-1788 (boo#934487)
    * Malformed ECParameters causes infinite loop
    - CVE-2015-1789 (boo#934489)
    * Exploitable out-of-bounds read in X509_cmp_time
    - CVE-2015-1790 (boo#934491)
    * PKCS7 crash with missing EnvelopedContent
    - CVE-2015-1792 (boo#934493)
    * CMS verify infinite loop with unknown hash function
    - CVE-2015-1791 (boo#933911)
    * race condition in NewSessionTicket
    - CVE-2015-3216 (boo#933898)
    * Crash in ssleay_rand_bytes due to locking regression
    * modified openssl-1.0.1i-fipslocking.patch
    - fix timing side channel in RSA decryption (bnc#929678)
    - add ECC ciphersuites to DEFAULT (bnc#879179)
    - Disable EXPORT ciphers by default (bnc#931698, comment #3)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Module for Legacy Software 12:
      zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-285=1
    • SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-285=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
      • compat-openssl098-debugsource-0.9.8j-78.1
      • libopenssl0_9_8-0.9.8j-78.1
      • libopenssl0_9_8-32bit-0.9.8j-78.1
      • libopenssl0_9_8-debuginfo-0.9.8j-78.1
      • libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1
    • SUSE Linux Enterprise Desktop 12 (x86_64):
      • compat-openssl098-debugsource-0.9.8j-78.1
      • libopenssl0_9_8-0.9.8j-78.1
      • libopenssl0_9_8-32bit-0.9.8j-78.1
      • libopenssl0_9_8-debuginfo-0.9.8j-78.1
      • libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1

    References: