Security update for openssl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:2981-1 Final 1 1 2017-11-10T12:09:11Z current 2017-11-10T12:09:11Z 2017-11-10T12:09:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssl This update for openssl fixes the following issues: Security issues fixed: - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes: - support alternate root ca chains (bsc#1032261) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-OpenStack-Cloud-6-2017-1846,SUSE-SLE-SAP-12-SP1-2017-1846,SUSE-SLE-SERVER-12-SP1-2017-1846 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20172981-1/ Link for SUSE-SU-2017:2981-1 https://lists.suse.com/pipermail/sle-security-updates/2017-November/003391.html E-Mail link for SUSE-SU-2017:2981-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027908 SUSE Bug 1027908 https://bugzilla.suse.com/1032261 SUSE Bug 1032261 https://bugzilla.suse.com/1055825 SUSE Bug 1055825 https://bugzilla.suse.com/1056058 SUSE Bug 1056058 https://bugzilla.suse.com/1065363 SUSE Bug 1065363 https://bugzilla.suse.com/990592 SUSE Bug 990592 https://www.suse.com/security/cve/CVE-2017-3735/ SUSE CVE CVE-2017-3735 page SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE OpenStack Cloud 6 libopenssl1_0_0-1.0.1i-54.8.1 libopenssl1_0_0-32bit-1.0.1i-54.8.1 libopenssl1_0_0-hmac-1.0.1i-54.8.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 openssl-1.0.1i-54.8.1 openssl-doc-1.0.1i-54.8.1 libopenssl1_0_0-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libopenssl1_0_0-32bit-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libopenssl1_0_0-hmac-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS openssl-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS openssl-doc-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libopenssl1_0_0-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libopenssl1_0_0-32bit-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libopenssl1_0_0-hmac-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 openssl-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 openssl-doc-1.0.1i-54.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libopenssl1_0_0-1.0.1i-54.8.1 as a component of SUSE OpenStack Cloud 6 libopenssl1_0_0-32bit-1.0.1i-54.8.1 as a component of SUSE OpenStack Cloud 6 libopenssl1_0_0-hmac-1.0.1i-54.8.1 as a component of SUSE OpenStack Cloud 6 libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 as a component of SUSE OpenStack Cloud 6 openssl-1.0.1i-54.8.1 as a component of SUSE OpenStack Cloud 6 openssl-doc-1.0.1i-54.8.1 as a component of SUSE OpenStack Cloud 6 While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. CVE-2017-3735 SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-1.0.1i-54.8.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-32bit-1.0.1i-54.8.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-1.0.1i-54.8.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-1.0.1i-54.8.1 SUSE Linux Enterprise Server 12 SP1-LTSS:openssl-doc-1.0.1i-54.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-1.0.1i-54.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-32bit-1.0.1i-54.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-1.0.1i-54.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-1.0.1i-54.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssl-doc-1.0.1i-54.8.1 SUSE OpenStack Cloud 6:libopenssl1_0_0-1.0.1i-54.8.1 SUSE OpenStack Cloud 6:libopenssl1_0_0-32bit-1.0.1i-54.8.1 SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-1.0.1i-54.8.1 SUSE OpenStack Cloud 6:libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 SUSE OpenStack Cloud 6:openssl-1.0.1i-54.8.1 SUSE OpenStack Cloud 6:openssl-doc-1.0.1i-54.8.1 low 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20172981-1/ https://www.suse.com/security/cve/CVE-2017-3735.html CVE-2017-3735 https://bugzilla.suse.com/1056058 SUSE Bug 1056058