Articles / SuSE: New OpenSSL packages …

SuSE: New OpenSSL packages fix security vulnerabilities

This update improves the ClientHello handshake message parsing function in OpenSSL. Prior to this update is was possible that this function reads beyond the end of a message leading to invalid memory access and a crash. Under some circumstances it was possible that information from the OCSP extensions was disclosed. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for openSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-403 Forbidden-1
Rating:             important
References:         #670526 #678195 #735850 
Cross-References:   CVE-2009-5029 CVE-2011-0014
Affected Products:
                   SUSE Linux Enterprise Software Development Kit 11 SP1
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

  An update that solves two vulnerabilities and has one
  errata is now available.

Description:


  This update improves the ClientHello handshake message
  parsing function.  Prior to this update is was possible
  that this function reads beyond the  end of a message
  leading to invalid memory access and a crash. Under some
  circumstances it was possible that information from the
  OCSP extensions was  disclosed. (CVE-2011-0014: CVSS v2
  Base Score: 5.8  (AV:N/AC:M/Au:N/C:P/I:N/A:P))

  Security Issue reference:

  * CVE-2011-0014
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014


Indications:

  Please update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP1:

     zypper in -t patch sdksp1-glibc-5555 sdksp1-libopenssl-devel-3938

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-glibc-5555 slessp1-libopenssl-devel-3938

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-glibc-5555 slessp1-libopenssl-devel-3938

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-glibc-5555 sledsp1-libopenssl-devel-3938

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     libopenssl-devel-0.9.8h-30.32.1

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):

     glibc-html-2.11.1-0.34.1
     glibc-info-2.11.1-0.34.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 i686 x86_64):

     glibc-2.11.1-0.34.1
     glibc-devel-2.11.1-0.34.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

     glibc-html-2.11.1-0.34.1
     glibc-i18ndata-2.11.1-0.34.1
     glibc-info-2.11.1-0.34.1
     glibc-locale-2.11.1-0.34.1
     glibc-profile-2.11.1-0.34.1
     libopenssl0_9_8-0.9.8h-30.32.1
     nscd-2.11.1-0.34.1
     openssl-0.9.8h-30.32.1
     openssl-doc-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

     glibc-32bit-2.11.1-0.34.1
     glibc-devel-32bit-2.11.1-0.34.1
     glibc-locale-32bit-2.11.1-0.34.1
     glibc-profile-32bit-2.11.1-0.34.1
     libopenssl0_9_8-32bit-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 i686 ia64 ppc64 s390x x86_64):

     glibc-2.11.1-0.34.1
     glibc-devel-2.11.1-0.34.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     glibc-html-2.11.1-0.34.1
     glibc-i18ndata-2.11.1-0.34.1
     glibc-info-2.11.1-0.34.1
     glibc-locale-2.11.1-0.34.1
     glibc-profile-2.11.1-0.34.1
     libopenssl0_9_8-0.9.8h-30.32.1
     nscd-2.11.1-0.34.1
     openssl-0.9.8h-30.32.1
     openssl-doc-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):

     glibc-32bit-2.11.1-0.34.1
     glibc-devel-32bit-2.11.1-0.34.1
     glibc-locale-32bit-2.11.1-0.34.1
     glibc-profile-32bit-2.11.1-0.34.1
     libopenssl0_9_8-32bit-0.9.8h-30.32.1

  - SUSE Linux Enterprise Server 11 SP1 (ia64):

     glibc-locale-x86-2.11.1-0.34.1
     glibc-profile-x86-2.11.1-0.34.1
     glibc-x86-2.11.1-0.34.1
     libopenssl0_9_8-x86-0.9.8h-30.32.1

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 i686 x86_64):

     glibc-2.11.1-0.34.1
     glibc-devel-2.11.1-0.34.1

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

     glibc-i18ndata-2.11.1-0.34.1
     glibc-locale-2.11.1-0.34.1
     libopenssl0_9_8-0.9.8h-30.32.1
     nscd-2.11.1-0.34.1
     openssl-0.9.8h-30.32.1

  - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):

     glibc-32bit-2.11.1-0.34.1
     glibc-devel-32bit-2.11.1-0.34.1
     glibc-locale-32bit-2.11.1-0.34.1
     libopenssl0_9_8-32bit-0.9.8h-30.32.1


References:

  http://support.novell.com/security/cve/CVE-2009-5029.html
  http://support.novell.com/security/cve/CVE-2011-0014.html
  https://bugzilla.novell.com/670526
  https://bugzilla.novell.com/678195
  https://bugzilla.novell.com/735850
  http://download.novell.com/patch/finder/?keywords=2adddddaf0d4d6c89870ab7b933c2204
  http://download.novell.com/patch/finder/?keywords=465d0206a0a64cb1c71ef81d34e113c1
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.