New Search

SUSE-SU-2014:1524-1 -- Security update for openssl (moderate)

oval:org.mitre.oval:def:28273

openssl was updated to fix four security issues. These security issues were fixed: - SRTP Memory Leak (CVE-2014-3513). - Session Ticket Memory Leak (CVE-2014-3567). - Fixed incomplete no-ssl3 build option (CVE-2014-3568). - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566). NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Desktop 12
Class:
patch
Reference(s):
  • SUSE-SU-2014:1524-1
  • CVE-2014-3513
  • CVE-2014-3567
  • CVE-2014-3568
  • CVE-2014-3566
Product(s):
  • openssl