New Search

SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g (moderate)

oval:org.mitre.oval:def:28044

The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues: * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV (CVE-2014-3566) * Information leak in pretty printing functions (CVE-2014-3508) * OCSP bad key DoS attack (CVE-2013-0166) * SSL/TLS CBC plaintext recovery attack (CVE-2013-0169) * Anonymous ECDH denial of service (CVE-2014-3470) * SSL/TLS MITM vulnerability (CVE-2014-0224) Security Issues: * CVE-2013-0166 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166> * CVE-2013-0169 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169> * CVE-2014-0224 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224> * CVE-2014-3470 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470> * CVE-2014-3508 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508> * CVE-2014-3566 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>

Family:
unix
Status:
ACCEPTED
Platform(s):
  • SUSE Linux Enterprise Desktop 11
Class:
patch
Reference(s):
  • SUSE-SU-2014:1557-2
  • CVE-2013-0166
  • CVE-2013-0169
  • CVE-2014-0224
  • CVE-2014-3470
  • CVE-2014-3508
  • CVE-2014-3566
  • CVE-2014-3568
Product(s):
  • compat-openssl097g