OpenSSL vulnerability — not a problem for SUSE
A new vulnerability in OpenSSL has been discovered — specifically only if you are running OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. This vulnerability relates to certificate validation, and could allow an attacker to bypass that validation.
That’s the bad news.
The good news is that no releases of SUSE Linux Enterprise (or openSUSE) are affected by this vulnerability.
I repeat: If you are running SUSE Linux Enterprise your system is not impacted by this issue.
If you are, however, running a different system — and are currently using one of the vulnerable versions of OpenSSL — you have a few options for securing your system. Either by upgrading to OpenSSL 1.0.1p or 1.0.2d, which will address the issue. Or install SUSE Linux Enterprise.
No comments yet