[SUSE-SU-2015:0547-1] Security update for compat-openssl097g

Severity Moderate
Affected Packages 3
CVEs 14

Security update for compat-openssl097g

OpenSSL was updated to fix several security issues:

* CVE-2015-4000: The Logjam attack (weakdh.org) has been addressed by
  rejecting connections with DH parameters shorter than 1024 bits.
  2048-bit DH parameters are now generated by default.
* CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
* CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent
  was fixed.
* Fixed a timing side channel in RSA decryption. (bsc#929678)

Additional changes:

* EXPORT ciphers are now disabled in the default SSL cipher string.
  This only takes effect for applications that are rebuilt and actually
  use this string. (bsc#931698)

Security Issues:

* CVE-2015-1789
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789>
* CVE-2015-1790
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790>
* CVE-2015-4000
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000>
ID: SUSE-SU-2015:0547-1
Severity: moderate
URL: https://www.suse.com/support/update/announcement/2015/suse-su-20150547-1/
Published: 2015-06-19T09:33:13
Modified: 2015-06-19T09:33:13
Rights: Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0547-1.json
Suse URL for SUSE-SU-2015:0547-1 https://www.suse.com/support/update/announcement/2015/suse-su-20150547-1/
Suse E-Mail link for SUSE-SU-2015:0547-1 https://lists.suse.com/pipermail/sle-security-updates/2015-March/001301.html
Bugzilla SUSE Bug 912014 https://bugzilla.suse.com/912014
Bugzilla SUSE Bug 912015 https://bugzilla.suse.com/912015
Bugzilla SUSE Bug 912018 https://bugzilla.suse.com/912018
Bugzilla SUSE Bug 912293 https://bugzilla.suse.com/912293
Bugzilla SUSE Bug 912296 https://bugzilla.suse.com/912296
Bugzilla SUSE Bug 922488 https://bugzilla.suse.com/922488
Bugzilla SUSE Bug 922496 https://bugzilla.suse.com/922496
Bugzilla SUSE Bug 922499 https://bugzilla.suse.com/922499
Bugzilla SUSE Bug 922500 https://bugzilla.suse.com/922500
Bugzilla SUSE Bug 922501 https://bugzilla.suse.com/922501
Bugzilla SUSE Bug 929678 https://bugzilla.suse.com/929678
Bugzilla SUSE Bug 931698 https://bugzilla.suse.com/931698
Bugzilla SUSE Bug 934489 https://bugzilla.suse.com/934489
Bugzilla SUSE Bug 934491 https://bugzilla.suse.com/934491
CVE SUSE CVE CVE-2014-3570 page https://www.suse.com/security/cve/CVE-2014-3570/
CVE SUSE CVE CVE-2014-3572 page https://www.suse.com/security/cve/CVE-2014-3572/
CVE SUSE CVE CVE-2014-8275 page https://www.suse.com/security/cve/CVE-2014-8275/
CVE SUSE CVE CVE-2015-0204 page https://www.suse.com/security/cve/CVE-2015-0204/
CVE SUSE CVE CVE-2015-0205 page https://www.suse.com/security/cve/CVE-2015-0205/
CVE SUSE CVE CVE-2015-0286 page https://www.suse.com/security/cve/CVE-2015-0286/
CVE SUSE CVE CVE-2015-0287 page https://www.suse.com/security/cve/CVE-2015-0287/
CVE SUSE CVE CVE-2015-0288 page https://www.suse.com/security/cve/CVE-2015-0288/
CVE SUSE CVE CVE-2015-0289 page https://www.suse.com/security/cve/CVE-2015-0289/
CVE SUSE CVE CVE-2015-0292 page https://www.suse.com/security/cve/CVE-2015-0292/
CVE SUSE CVE CVE-2015-0293 page https://www.suse.com/security/cve/CVE-2015-0293/
CVE SUSE CVE CVE-2015-1789 page https://www.suse.com/security/cve/CVE-2015-1789/
CVE SUSE CVE CVE-2015-1790 page https://www.suse.com/security/cve/CVE-2015-1790/
CVE SUSE CVE CVE-2015-4000 page https://www.suse.com/security/cve/CVE-2015-4000/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/compat-openssl097g?arch=x86_64&distro=sled-11&sp=3 suse compat-openssl097g < 0.9.7g-146.22.31.1 sled-11 x86_64
Affected pkg:rpm/suse/compat-openssl097g?arch=i586&distro=sled-11&sp=3 suse compat-openssl097g < 0.9.7g-146.22.31.1 sled-11 i586
Affected pkg:rpm/suse/compat-openssl097g-32bit?arch=x86_64&distro=sled-11&sp=3 suse compat-openssl097g-32bit < 0.9.7g-146.22.31.1 sled-11 x86_64