SUSE-SU-2015:2251-1

UNKNOWN

Security update for compat-openssl097g

Published Dec 10, 2015

Modified 10 years ago

Fix available

Details

This update for compat-openssl097g fixes the following issues:

Security issue fixed:

CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812)

A non security issue fixed:

Prevent segfault in s_client with invalid options (bsc#952099)

Affected Packages

compat-openssl097g

SUSE Linux Enterprise Desktop 11 SP3SUSE Linux Enterprise Desktop 11 SP4SUSE Linux Enterprise Server for SAP Applications 11 SP2SUSE Linux Enterprise Server for SAP Applications 11 SP3SUSE Linux Enterprise Server for SAP Applications 11 SP4

Fixed in:

0.9.7g-146.22.36.1

compat-openssl097g-32bit

Fixed in:

0.9.7g-146.22.36.1

References

REPORT

https://bugzilla.suse.com/952099

REPORT

https://bugzilla.suse.com/957812

WEB

https://www.suse.com/security/cve/CVE-2015-3195