Articles / SuSE: New OpenSSL packages ...

SuSE: New OpenSSL packages fix security vulnerabilities

Patrick Lenz @scoop 07 Jan 2012 15:53 0

This update improves the ClientHello handshake message parsing function in OpenSSL. Prior to this update is was possible that this function reads beyond the end of a message leading to invalid memory access and a crash. Under some circumstances it was possible that information from the OCSP extensions was disclosed. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for openSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-403 Forbidden-1
Rating:             important
References:         #670526 #678195 #735850 
Cross-References:   CVE-2009-5029 CVE-2011-0014
Affected Products:
                   SUSE Linux Enterprise Software Development Kit 11 SP1
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

  An update that solves two vulnerabilities and has one
  errata is now available.

Description:


  This update improves the ClientHello handshake message
  parsing function.  Prior to this update is was possible
  that this function reads beyond the  end of a message
  leading to invalid memory access and a crash. Under some
  circumstances it was possible that information from the
  OCSP extensions was  disclosed. (CVE-2011-0014: CVSS v2
  Base Score: 5.8  (AV:N/AC:M/Au:N/C:P/I:N/A:P))

  Security Issue reference:

  * CVE-2011-0014
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014


Indications:

  Please update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP1:

     zypper in -t patch sdksp1-glibc-5555 sdksp1-libopenssl-devel-3938

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-glibc-5555 slessp1-libopenssl-devel-3938

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-glibc-5555 slessp1-libopenssl-devel-3938

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-glibc-5555 sledsp1-libopenssl-devel-3938

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     libopenssl-devel-0.9.8h-30.32.1

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):

     glibc-html-2.11.1-0.34.1
     glibc-info-2.11.1-0.34.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 i686 x86_64):

     glibc-2.11.1-0.34.1
     glibc-devel-2.11.1-0.34.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

     glibc-html-2.11.1-0.34.1
     glibc-i18ndata-2.11.1-0.34.1
     glibc-info-2.11.1-0.34.1
     glibc-locale-2.11.1-0.34.1
     glibc-profile-2.11.1-0.34.1
     libopenssl0_9_8-0.9.8h-30.32.1
     nscd-2.11.1-0.34.1
     openssl-0.9.8h-30.32.1
     openssl-doc-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

     glibc-32bit-2.11.1-0.34.1
     glibc-devel-32bit-2.11.1-0.34.1
     glibc-locale-32bit-2.11.1-0.34.1
     glibc-profile-32bit-2.11.1-0.34.1
     libopenssl0_9_8-32bit-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 i686 ia64 ppc64 s390x x86_64):

     glibc-2.11.1-0.34.1
     glibc-devel-2.11.1-0.34.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     glibc-html-2.11.1-0.34.1
     glibc-i18ndata-2.11.1-0.34.1
     glibc-info-2.11.1-0.34.1
     glibc-locale-2.11.1-0.34.1
     glibc-profile-2.11.1-0.34.1
     libopenssl0_9_8-0.9.8h-30.32.1
     nscd-2.11.1-0.34.1
     openssl-0.9.8h-30.32.1
     openssl-doc-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):

     glibc-32bit-2.11.1-0.34.1
     glibc-devel-32bit-2.11.1-0.34.1
     glibc-locale-32bit-2.11.1-0.34.1
     glibc-profile-32bit-2.11.1-0.34.1
     libopenssl0_9_8-32bit-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 (ia64):

     glibc-locale-x86-2.11.1-0.34.1
     glibc-profile-x86-2.11.1-0.34.1
     glibc-x86-2.11.1-0.34.1
     libopenssl0_9_8-x86-0.9.8h-30.32.1

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 i686 x86_64):

     glibc-2.11.1-0.34.1
     glibc-devel-2.11.1-0.34.1

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

     glibc-i18ndata-2.11.1-0.34.1
     glibc-locale-2.11.1-0.34.1
     libopenssl0_9_8-0.9.8h-30.32.1
     nscd-2.11.1-0.34.1
     openssl-0.9.8h-30.32.1

  - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):

     glibc-32bit-2.11.1-0.34.1
     glibc-devel-32bit-2.11.1-0.34.1
     glibc-locale-32bit-2.11.1-0.34.1
     libopenssl0_9_8-32bit-0.9.8h-30.32.1


References:

  http://support.novell.com/security/cve/CVE-2009-5029.html
  http://support.novell.com/security/cve/CVE-2011-0014.html
  https://bugzilla.novell.com/670526
  https://bugzilla.novell.com/678195
  https://bugzilla.novell.com/735850
  http://download.novell.com/patch/finder/?keywords=2adddddaf0d4d6c89870ab7b933c2204
  http://download.novell.com/patch/finder/?keywords=465d0206a0a64cb1c71ef81d34e113c1

Related projects

Screenshot

Project Spotlight

Zynaptic Reaction

An asynchronous programming framework for Java inspired by Twisted Python.

Screenshot

Project Spotlight

Stantor-Domodulor

A home automation software system.